EV SSL + Wildcard SSL on Business Plan Account

We have a business plan account with an EV certificate for our primary domain but we also have a wildcard certificate for all of our subdomains. We’d like to have our sub-domains flowing through Cloudflare but this causes an SSL issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I’m trying to figure out if there’s a way to have both of our SSL certificates installed for this scenario but I’ve had no luck and found no documentation regarding that configuration. Everything looks like we can only have 1 SSL certificate installed other than a certificate pack but only if the domains in them are the same and just to support older browsers which isn’t what we’re trying to do. Is this something that can be done?

You’re allowed only one custom certificate to upload. You’d have to generate a new cert with example.com and *.example.com. Otherwise, you’ll have to rely on your primary certificate for the root domain, and a Cloudflare-provided Universal SSL for the subdomains.

That’s what I thought. It’s an EV certificate so it can’t be created with a wildcard value. Using the EV certificate for the primary domain and the universal for the sub-domains might be acceptable, at least for our test domains but probably not our production sub-domains.

1 Like

There have been many articles written on this Community and elsewhere that point out that there is no security benefit in EV certs. They provide the exact same security as DV and OV certificates.

Is there a particular reason you need to use an EV cert?

If you absolutely must have an EV cert, then you can get an EV SAN certificate covering the individual names required.

If you decide that the EV requirement is not really a requirement, then the Universal SSL will cover the root domain (example.com) and all first level subdomains (something.example.com). The Advanced Certificate Manager add on (ACM) will enable you to get Cloudflare managed certificates covering multi-level subdomains (something.dev.example.com).

4 Likes
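
Added example, not part of any post in this thread: a Python check of which hostnames a certificate's SAN list covers, matching the coverage described above (example.com plus *.example.com covers the root and first-level subdomains, but not something.dev.example.com). The host inventory and SAN lists are constructed, and the matching rule (wildcard only as the whole leftmost label, matching exactly one label) is the usual RFC 6125-style behaviour assumed here, not Cloudflare's code.

```python
# Added example: report which hostnames a certificate's SAN list leaves uncovered.
# Assumption: "*" is valid only as the entire leftmost label and matches
# exactly one label (RFC 6125-style matching).

def dns_sans(peercert: dict) -> list:
    """Extract DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]

def san_matches(san: str, host: str) -> bool:
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False          # a wildcard never spans more than one label
    if san_labels[0] == "*":
        # Conservative: reject wildcards directly under a single label ("*.com").
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def uncovered(sans, hosts) -> list:
    """Hostnames that no SAN entry matches, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Constructed inventory of names the site serves.
HOSTS = ["example.com", "www.example.com", "shop.example.com",
         "something.dev.example.com"]

# Constructed certificate data in getpeercert() shape.
WILDCARD_CERT = {"subjectAltName": (("DNS", "example.com"),
                                    ("DNS", "*.example.com"))}
# An EV SAN certificate lists each name explicitly (no wildcard entries).
EV_SAN_CERT = {"subjectAltName": (("DNS", "example.com"),
                                  ("DNS", "www.example.com"))}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("EV SAN", EV_SAN_CERT)):
        print(label, "leaves uncovered:", uncovered(dns_sans(cert), HOSTS))
```
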

It's an ecommerce site and you need EV to get the green bar in browsers.

Only if your users have time machines. All browsers removed the special UI markers some time ago. The only people saying EV has any benefit are the CAs who are shilling EV certificates.

If you needed EV for e-commerce, then Amazon are doing it all wrong, along with the top 10 websites globally, none of which use EV certs.

3 Likes

Thanks all. We’ve got a couple of options to consider to get what we’re after now. Take care.
