Wildcard SSL for multiple servers IIS

Hi,

We have multiple servers like Development, Staging, Prod and in each server we have multiple websites on IIS like devsite1.mydomain.com. devsite2.mydomain.com in development machine and websites like stagingsite1.mydomain.com, stagingsite2.mydomain.com in Staging machine and similarly in prod machine.

I would like to create a single wildcard SSL like *.mydomain.com and wants to apply to 3 servers Development, Staging, Prod.

How do we achieve this? or what is the recommended approach for this scenario? Please let me know.

Wildcard certs require DNS authentication.
If all your systems can access DNS, I would configure each to obtain a wildcard cert individually,

Unless the cert has to be the exact same one, three certs with the exact same FQDN should solve this problem easier.

Hi @rk_guturu

it’s always the same.

Read the basics:

Then select a client.

A wildcard requires dns validation, so your dns provider should support an API.

If not, it may be painful / manual.

3 Likes

Hi @rk_guturu

You don’t want to share a wildcard cert with non-prod systems, unless they have the same trust level as prod. Anyone who has access to their private keys can perform MITM attacks against prod - either passive (reading session data such as passwords) or active (injecting or modifying session data).

If the same people have access to both prod and non-prod, and both systems have the same level of security and hardening - sure, a wildcard cert can be shared.

Otherwise I would recommend setting up a non-prod subdomain for all your non-prod systems and issuing a wildcard cert just for the subdomain (e.g. *.dev.example.com) while keeping the the main domain wildcard cert (e.g. *.example.com) for prod systems only (as long as they all have the same level of trust).

1 Like