All geek questions in one place

Ssl multi domain website

We need to protect the multilingual web application with SSL (registration, login, ..). However, this application is accessed by different domain names, exactly the domain name for each language (domainName.co.uk, domainName.fr, domainName.it, etc.). We are looking for the simplest and cheapest solution. We do not want to purchase a certificate for each domain name. Does anyone have an idea? Web Server: IIS 6 Thanks

+4
source share
3 answers

You can purchase multi-domain certificates from several certificate authorities, including GoDaddy, which calls them multi-domain certificates or UCC certificates.

+2
source

You can purchase a "wild card domain certificate", so it will cover *.whatever.com , these certificates are a couple of hundred dollars. The advantage is that there are no restrictions on the subdomains that it covers.

If you have a mess in the TLD, I recommend redirecting to a "secure" server for sessions. Remember that the whole session must be protected with ssl or it makes no sense. Your cookie value will be skipped and an attacker can authenticate without a username / password. This has become more detailed at the top of Owasp Top 10 2010 A3: Broken Authentication and Session Management.

Another option is that some certification authorities offer quantity discounts, but you will still be raped in terms of cost.

+1
source

UCC seems to be different from MDC, I'm still learning what it is, but at Comodo http://www.comodopartners.com/products.html they seem to imply that UCC is more suitable for Microsoft Exchange server and office communication.

I do not think goDaddy offers Multi Domain Certs. Can someone shed light on the difference between UCC and MDC?

0
source

Source: https://habr.com/ru/post/1306987/

More articles:


All Articles