Best practices: when to use Total TLS

I’m looking at Total TLS:

The docs aren’t really clear. What would be the best condition for you to use this?

I’m guessing, if you have “a lot” of subdomains, or just a lot of A records other than @ and WWW?

Universal SSL:
example.com
*.example.com

This means that both example.com, and one level like www.example.com, dev.example.com and intranet.example.com are included in Universal SSL.

If you have different intranets in your organisation, and require it all to be below intranet.example.com, such as intranets separated per continent, e.g.:

eu.intranet.example.com
na.intranet.example.com
as.intranet.example.com

Then this set up will not work alone with Universal SSL, as Universal SSL only covers the first level (e.g. intranet.example.com).

If you have one or more host names that are not already covered by Universal SSL.

Total TLS will then make sure to create and renew certificates for these (unless you opt out by deleting one or more of these certificates manually).

In the above intranet example, Total TLS will be creating certificates for eu.intranet.example.com, na.intranet.example.com and as.intranet.example.com, so you don’t have to see security warnings in your browser.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.