Configuring SSL for multiple subdomains


#1

I need to set up SSL for a domain with five subdomains, two of which point to different servers in different locations. Budget is small, so I’d like, if possible, to use Cloudflare’s free SSL cert option. Would this cert option provide SSL encryption for all subdomains?


#2

Cloudflare’s free SSL cert covered your domain and any 2nd level subdomain (with a cert issued for example.com and *.example.com). So that would cover fo.example.com and bar.example.com but would not cover foo.bar.example.com (since that would be a 3rd level subdomain).


#3

Thanks – clears that up.

Another question, if you don’t mind. To upgrade to the Dedicated SSL Certificate, is it simply a matter of buying the cert, replacing the existing cert, and pointing config for domain and subs to the new cert?

Sorry to ask a dumb question, but I’m having some confusing issues with config at the moment and could use some hand-holding.

Thanks!


#4

If you upgrade to a dedicated SSL cert through Cloudflare we take care of all the process in the background… as soon as the cert is issued by our CA partner we push it to our edge (globally) and it gets picked up and used. Totally transparent to you, no action required.

The only real differences between a universal ssl cert and a dedicated cert are a universal cert is a shared SAN cert (other domains show up on the cert if you dig deep enough), it’s issued to Cloudflare and has SNI support. A dedicated cert will have just your domain and support non-SNI clients (a few older browsers).

If your question is about what certs to possibly install on your individual servers behind Cloudflare, for that you can use our free origin certs https://support.cloudflare.com/hc/en-us/articles/218408028-How-to-install-an-Origin-CA-Certificate-Other- or ask your hosting provider to use a self signed or let’s encrypt cert for your domain which most support.


#5

Thanks for the fast, informative replies, cscharff – very much appreciated.


#6

hi, I have been trying to figure out where to post my question but I don’t understand how to start a new topic on this forum, I have a purchase a Dedicated SSL though my Cloudflare account and I have the Pro Plan, where I look under the settings Crypto for my account it says my SSL is Full but there is also an option for Full (strict) which one should I have for my site? Also under hosts it appears like Im using 2 certicificates, a Dedicated one and an Universal one, Should I delete the Universal(Shared)?

listalegal.com, *.listalegal.com (2 hosts) Dedicated 3 View
listalegal.com, *.listalegal.com (2 hosts) Universal (Shared)

Thanks for your help in advance,


#7

Hi – original poster here. I can’t directly answer your question, but for what it’s worth, when I visit listalegal.com, my browser seems to think your site’s SSL is properly configured (tested with Chrome and Firefox).

Cloudflare support might weigh in here to answer your question, but if you want to start a new thread, you can go to the Cloudflare Community homepage and click on the “New Topic” button, which is located on the right side of the screen above the list of topic categories.


#8

will a dedicated ssl installed on a subdomain show certificate issued to domain.com or cert issued to subdomain.domain.com in the cert info?


#9

The free and $5 certs show example.com and *.example.com (a wildcard).

I believe the $10 cert shows example.com, *.example.com, and then lists all the custom subdomains you choose.


#10

thats what i needed to know, does it show ssl issues to domain.com or *.domain.com or sub.domain.com in ssl info ? incase of a site is visited at sub.domain.com