How to Install a Wildcard SSL/TLS Certificate on Multiple Servers?
A Wildcard SSL/TLS certificate is also useful for securing subdomains that are hosted on multiple servers, because a single Wildcard SSL/TLS certificate covers all of them. For instance, different departments can host and manage their own subdomains, which can improve efficiency: the blog (blog.exampledomain.com) on a WordPress host, the support page (support.exampledomain.com) with a third-party helpdesk vendor, and the billing page (billing.exampledomain.com) with an accounting company on some other server. Website visitors can then go directly to each subdomain without passing through the home page.
Other Situations Where Deploying Wildcard SSL/TLS Certificates on Multiple Servers Is Beneficial
- Your website is behind proxies or load balancers. In that case, SSL offloading and termination are done on the load balancers, and to keep it secured, it’s recommended to install the certificate on each of them.
- You’re looking to secure multiple machines throughout your internal network using your purchased Wildcard SSL/TLS certificate.
- You’ve purchased a multi-domain SAN certificate and want to install it on your different websites.
- You’ve purchased an SSL/TLS certificate from a CA that offers free mail subdomains, and you want to secure both your web server and your mail server.
Does It Cost Extra to Install a Wildcard SSL/TLS Certificate on Multiple Servers?
An Overview of Installing Wildcard SSL/TLS Certificate on Multiple Servers
Once the CSR is generated and your Wildcard SSL/TLS certificate has been issued, you can start the installation process: first on the primary server on which you created your CSR, and then on the additional servers. The only extra step is copying the private key from the primary server and pasting it on the additional servers where you’ve hosted your subdomains.
Let’s cover the CSR generation and private key transfer steps using cPanel as an example.
Generating CSR on cPanel
- Enter login credentials and get access to cPanel.
- In the Security section, select and click on SSL/TLS Manager.
- After selecting SSL/TLS, go to the Certificate Signing Requests (CSR) section and choose Generate, view, or delete SSL certificate signing requests.
- Now, fill in the form with the requested information using alphanumeric characters.
- Domains: Enter the FQDN (Fully Qualified Domain Name). Enter the primary domain for which you require the SSL/TLS certificate and then add an asterisk (*) in front of the domain name (*.exampledomain.com). Note: Avoid writing an asterisk (*) before the www of the domain such as *.www.exampledomain.com. In case you’re looking to secure second-level sub-domains like blog.www.exampledomain.com, mail.www.exampledomain.com, etc.
- City: Enter the full name of your city and avoid using abbreviations.
- State: Enter the full name of your state and avoid using abbreviations.
- Country: From the drop-down menu, select your country.
- Company: Enter the officially registered name of your business. If you’re going for an Organization Validated or Extended Validated SSL/TLS certificate, this field is mandatory. If it’s a Domain Validated SSL certificate, you can simply enter “NA” if the name of your organization is not legally registered.
- Company Division: If there’s a specific department in the organization, enter it in this field; otherwise simply write “NA” if there are no such departments in the company or it’s a Domain Validated SSL/TLS certificate.
- Email: Enter your valid email address. (It’s optional.)
- Passphrase: Keep it blank.
- Description: It’s optional. In case you have more than one CSR, then it’s good to add some keywords to locate it from the list of CSRs.
- Now, click Generate.
Once the requested details have been sent along with the CSR to your Certificate Authority (CA) and the validation process is completed, the CA will issue your certificate and email you all the files needed to complete the SSL installation process.
The installation process for a Wildcard SSL/TLS certificate on additional servers is mostly the same, except for one additional step: you have to copy the private key from the main server and paste it on every other server. You’re also expected to keep your private key secured. For example, if you’re copying it to a local device, you’re advised to encrypt the private key file to keep it protected, because the SSL/TLS certificate is useless if the private key gets compromised.
Here’s How to Locate and Transfer Your Private Key to Multiple Servers Using cPanel
- Log in to cPanel and go to SSL/TLS.
- Now, select the option: Generate, view, upload, or delete your private keys.
- Now, click Edit.
- From the Encoded Private Key file, copy all the content, including the header “-----BEGIN RSA PRIVATE KEY-----” and the footer “-----END RSA PRIVATE KEY-----”.
- Now, paste the copied private key into the box on every extra server on which you wish to install your Wildcard SSL/TLS certificate.
- To complete the installation process, add your certificate bundle and intermediate certificate on all the additional servers.
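
The same flow with the openssl command line instead of the cPanel forms, as an added example that is not part of the original article: generate the wildcard CSR, encrypt the private key before copying it, and confirm on each additional server that the pasted key belongs to the issued certificate. The file names and the KEY_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example; file names and the KEY_PASS variable are assumptions.

# Primary server: create a 2048-bit RSA key and a CSR for *.<domain>.
# -nodes leaves the key unencrypted, like the blank Passphrase field in cPanel.
make_wildcard_csr() {    # $1=domain  $2=key file  $3=CSR file
    ( umask 077          # new key file is readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.$1" \
          -keyout "$2" -out "$3" 2>/dev/null )
}

# Primary server: encrypt the key with AES-256 before it is copied anywhere.
# The passphrase is read from $KEY_PASS rather than passed on the command line.
wrap_key() {             # $1=plain key  $2=encrypted output
    openssl pkey -in "$1" -aes256 -passout env:KEY_PASS -out "$2"
}

# Additional server: decrypt the transferred key into an owner-only file.
unwrap_key() {           # $1=encrypted key  $2=plain output
    ( umask 077
      openssl pkey -in "$1" -passin env:KEY_PASS -out "$2" )
}

# Additional server: succeed only if the key and the certificate carry the
# same public key, i.e. the pasted key really belongs to the issued certificate.
key_matches_cert() {     # $1=plain key  $2=certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) &&
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical sequence (wildcard.crt is the certificate file received from the CA):
#   make_wildcard_csr exampledomain.com wildcard.key wildcard.csr
#   wrap_key wildcard.key wildcard.key.enc    # copy only the .enc file
#   unwrap_key wildcard.key.enc wildcard.key  # on each additional server
#   key_matches_cert wildcard.key wildcard.crt && echo "key matches certificate"
```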