How to Install a Wildcard SSL/TLS Certificate on Multiple Servers?

If you’re looking for a Wildcard SSL/TLS certificate, you’re probably already aware of how useful it is for securing multiple subdomains without having a separate certificate issued for each of them. That’s one of the reasons big organizations choose Wildcard SSL/TLS certificates as well.

A Wildcard SSL/TLS certificate is also useful for securing subdomains that live on multiple servers, since a single certificate covers all of them. For instance, you can secure subdomains hosted and managed by different departments, which can improve efficiency: a blog (blog.exampledomain.com) on a WordPress host, a support page (support.exampledomain.com) run by a third-party helpdesk vendor, and a billing page (billing.exampledomain.com) hosted by an accounting company on yet another server, while sending your website visitors directly to the subdomains without making them go through the home page.

Some Other Cases Where Deploying Wildcard SSL/TLS Certificates on Multiple Servers Is Beneficial

  • Your website is behind proxies or load balancers. In that case, SSL offloading and termination are done on the load balancers, and to keep traffic secured, it’s recommended to install the certificate on each of them.
  • You’re looking to secure multiple machines throughout your internal network using your purchased Wildcard SSL/TLS certificate.
  • You’ve purchased a multi-domain SAN certificate and want to install it on your different websites.
  • You’ve purchased an SSL/TLS certificate from a CA that offers free mail subdomains, and you want to secure both your web server and your mail server.

Does It Cost Extra to Install a Wildcard SSL/TLS Certificate on Multiple Servers?

We won’t name anyone, but some CAs (Certificate Authorities) charge extra to install the same Wildcard SSL/TLS certificate on more than one server, though the majority of them, such as Sectigo (formerly known as Comodo CA), GeoTrust, RapidSSL and Thawte, allow it free of cost.

An Overview of Installing Wildcard SSL/TLS Certificate on Multiple Servers

Once you purchase a Wildcard SSL/TLS certificate, as with any other certificate, you need to generate a CSR (Certificate Signing Request). Different servers have different CSR generation and SSL installation steps. One advantage of installing a Wildcard SSL certificate on multiple servers is that you don’t have to generate a CSR again for each additional server; it’s a one-time process.

Once the CSR is generated and your Wildcard SSL/TLS certificate is issued, you can start the installation process: first on the primary server on which you created your CSR, and then on the additional servers. You’ll have to follow one extra step, though: copying the private key from the primary server and pasting it on the additional servers where you’ve hosted your subdomains.

Let’s cover the CSR generation and private key transfer steps using cPanel as an example.

Generating CSR on cPanel

  • Enter login credentials and get access to cPanel.
  • In the Security section, select and click on SSL/TLS Manager.
  • After selecting SSL/TLS, go to the Certificate Signing Requests (CSR) section and choose Generate, view, or delete SSL certificate signing requests.
  • Now, fill in the form with the requested information using alphanumeric characters:
      • Domains: Enter the FQDN (Fully Qualified Domain Name). Enter the primary domain for which you require the SSL/TLS certificate and add an asterisk (*) in front of the domain name (*.exampledomain.com). Note: Avoid writing the asterisk (*) before the www of the domain, as in *.www.exampledomain.com, unless you’re looking to secure second-level subdomains like blog.www.exampledomain.com, mail.www.exampledomain.com, etc.
      • City: Enter the full name of your city and avoid using abbreviations.
      • State: Enter the full name of your state and avoid using abbreviations.
      • Country: From the drop-down menu, select your country.
      • Company: Enter the officially registered name of your business. This is mandatory if you’re going for an Organization Validated or Extended Validation SSL/TLS certificate. For a Domain Validated SSL certificate, you can simply enter “NA” if the name of your organization is not legally registered.
      • Company Division: If there’s a specific department in the organization, enter it in this field. Otherwise simply write “NA” if there are no such departments in the company or it’s a Domain Validated SSL/TLS certificate.
      • Email: Enter your valid email address. (It’s optional.)
      • Passphrase: Keep it blank.
      • Description: It’s optional. In case you have more than one CSR, it’s good to add some keywords so you can locate it in the list of CSRs.
  • Now, click Generate.

After you complete the above steps, your private and public keys are generated. The private key is stored locally on the server and will later be used for decrypting data sent by your website users. The CSR is sent to a CA (Certificate Authority), which uses it to issue your certificate.

Once all the requested details are sent along with the CSR to your Certificate Authority (CA) and the validation process is completed, the CA issues your certificate and emails you all the files needed to complete the SSL installation process.
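The same CSR can be produced with openssl, which also makes it easy to test the Domains note about where the asterisk goes. This is an added example, not part of the original article or of cPanel: the subject values, file names and the self-signing step that stands in for the CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: openssl equivalent of the cPanel CSR form, plus a scope check.
# Subject values, file names and the self-signed test certificate are constructed.
set -eu

make_wildcard_csr() {   # $1 = output directory, $2 = wildcard name
    # -nodes leaves the key without a passphrase, like the blank Passphrase field.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/wildcard.key" -out "$1/wildcard.csr" \
        -subj "/C=US/ST=Florida/L=Tampa/O=Example Domain Inc/OU=NA/CN=$2" 2>/dev/null
    chmod 600 "$1/wildcard.key"     # private key readable by its owner only
}

self_sign_for_test() {  # stand-in for the CA: 1-day certificate from the CSR
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/wildcard.csr" -signkey "$1/wildcard.key" \
        -days 1 -extfile "$1/san.ext" -out "$1/wildcard.crt" 2>/dev/null
}

covers() {              # $1 = certificate, $2 = hostname; succeeds if covered
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_wildcard_csr "$work" '*.exampledomain.com'
self_sign_for_test "$work" '*.exampledomain.com'

# The asterisk stands for exactly one label, so blog.www.* falls outside it.
for host in blog.exampledomain.com support.exampledomain.com \
            billing.exampledomain.com blog.www.exampledomain.com; do
    if covers "$work/wildcard.crt" "$host"; then
        echo "covered:     $host"
    else
        echo "NOT covered: $host"
    fi
done
```
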

The installation process for a Wildcard SSL/TLS certificate on additional servers is mostly the same, with one additional step: you have to copy the private key from the main server and paste it on every other server. You’re also expected to keep your private key secured. For example, if you’re copying it to a local device, you’re advised to encrypt the private key file to keep it protected, because the SSL/TLS certificate is useless if the private key gets compromised.

Here’s How to Locate and Transfer Your Private Key to Multiple Servers Using cPanel

  • Login to cPanel and go to SSL/TLS.
  • Now, select the option: Generate, view, upload, or delete your private keys.
  • Now, click Edit.
  • From the Encoded Private Key file, copy all the content, including the header “-----BEGIN RSA PRIVATE KEY-----” and the footer “-----END RSA PRIVATE KEY-----”.
  • Now, paste the copied private key into the box on every extra server on which you wish to install your Wildcard SSL/TLS certificate.
  • To complete the installation process, add your certificate bundle and intermediate certificate on all the additional servers.
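A command-line version of the transfer step, added here as an example and not taken from the original article or from cPanel: the key is encrypted before it leaves the primary server, restored on the additional server, and then checked against the certificate by comparing the public key derived from each. File names, the passphrase file and the self-signed test certificate are constructed placeholders.

```shell
#!/bin/sh
# Added example: move the private key between servers in encrypted form, then
# confirm the restored key belongs to the certificate. All files are constructed.
set -eu

seal_key() {            # $1 = plain key, $2 = encrypted copy, $3 = passphrase file
    ( umask 077; openssl pkey -in "$1" -aes-256-cbc -passout "file:$3" -out "$2" )
}

open_key() {            # $1 = encrypted copy, $2 = restored key, $3 = passphrase file
    ( umask 077; openssl pkey -in "$1" -passin "file:$3" -out "$2" )
}

key_matches_cert() {    # $1 = key, $2 = certificate; succeeds only on a match
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
# Stand-ins for the primary server's key, the issued certificate and a wrong key.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.exampledomain.com' \
    -keyout "$work/primary.key" -out "$work/wildcard.crt" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/other.key" 2>/dev/null
openssl rand -hex 24 > "$work/pass.txt"   # share the passphrase over a separate channel

seal_key "$work/primary.key" "$work/transfer.key.enc" "$work/pass.txt"   # primary server
open_key "$work/transfer.key.enc" "$work/server2.key" "$work/pass.txt"   # additional server

if key_matches_cert "$work/server2.key" "$work/wildcard.crt"; then
    echo "server2.key matches wildcard.crt"
fi
if ! key_matches_cert "$work/other.key" "$work/wildcard.crt"; then
    echo "other.key does not match wildcard.crt"
fi
```

Running the match check on each additional server before pasting the key into the install form catches a truncated copy or a key from a different CSR.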

Summary

As this article shows, it’s entirely possible to install a Wildcard SSL/TLS certificate for subdomains hosted on different servers without spending extra money on an SSL/TLS certificate for each of the additional servers. Moreover, a cheap Wildcard SSL/TLS certificate from CAs (Certificate Authorities) like Comodo or Thawte offers the protection you’re looking for to secure your subdomains across multiple servers.

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Most of the links here that direct you to buy an SSL/TLS-related service or product earn us a certain percentage of referral commission.