
Can multiple ssl certificates protect the same subdomain?

I have Elastic Beanstalk apps running on www.learningdollars.com and dev.learningdollars.com, and I have a GitLab Ubuntu instance running on gitlab.learningdollars.com.

I was thinking of using AWS ACM but it seems that it will only work for the elastic beanstalk apps (through the load balancer in the config section) not the gitlab instance.

So I registered *.learningdollars.com in AWS ACM and I am purchasing a certificate from GoDaddy or DigiCert for gitlab.learningdollars.com.

Technically the AWS ACM cert covers *.learningdollars.com so it covers gitlab.learningdollars.com but I don't get access to the raw file so I can't use it.

So will I run into any issues with the above steps or are they fine?

Well, a certificate is merely a declaration by the certificate issuer that the mentioned domain name does belong to the certificate owner (i.e. you). So, yes, you can have multiple certificates for the same domain name from different issuers. Even if it is exactly the same domain name (as in "you can have independent certificates from DigiCert and GoDaddy for gitlab.learningdollars.com and they both will be valid").

It's more like having photo ID from different institutions or countries. For example, a passport and a driver's license. Having one does not invalidate another. So, browsers only verify a certification chain. Nobody even tries to check if other certificates exist for the same domain name (in fact, I don't believe that is even possible in general).

You should only be careful with getting intersecting certificates from the same issuer, as even though it's a technically correct situation, many issuers automatically invalidate conflicting certificates (assuming that you will use your new certificate instead).

Having said that, I'd like to clarify that you can actually use an ACM certificate outside of Beanstalk by just using a Load Balancer. I find it costing roughly as much as a third-party certificate would cost me. But it also takes some load off me watching after HTTPS security issues (such as reviewing and updating the list of ciphers or rebuilding the server with a newer version of OpenSSL). I understand, though, that a Load Balancer might cost substantially more for a very popular site. So, you do your math.
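An added example, not part of the original question or answer: a small coverage check showing which certificates in the setup above cover each hostname, using the single-label wildcard rule from RFC 6125 that TLS clients apply. The inventory labels `acm-wildcard` and `ca-gitlab` and the function names are made up for this sketch.

```python
# Added example: which certificates' dNSName SAN entries cover a hostname.
# Rule (RFC 6125 section 6.4.3, as TLS clients apply it): "*" is honoured
# only as the complete left-most label and stands for exactly one label.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName SAN entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A hostname never contains "*" or empty labels, and the label
    # counts must agree because a wildcard spans exactly one label.
    if "*" in hostname or "" in h_labels or len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require two literal labels to the right: "*.com" is refused.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Anything else, including partial wildcards such as "g*", is
    # compared literally and therefore cannot match a real hostname.
    return p_labels == h_labels


def covering_certs(inventory: dict, hostname: str) -> list:
    """Sorted labels of every certificate whose SAN list covers hostname."""
    return sorted(
        label for label, sans in inventory.items()
        if any(san_matches(san, hostname) for san in sans)
    )


# Constructed inventory mirroring the question: a wildcard certificate
# held in ACM plus a single-name certificate bought from another CA.
INVENTORY = {
    "acm-wildcard": ["*.learningdollars.com"],
    "ca-gitlab": ["gitlab.learningdollars.com"],
}


def report(hosts: list) -> dict:
    """Map each hostname to the certificates that cover it."""
    return {host: covering_certs(INVENTORY, host) for host in hosts}


if __name__ == "__main__":
    hosts = ["www.learningdollars.com", "gitlab.learningdollars.com",
             "learningdollars.com", "a.dev.learningdollars.com"]
    for host, certs in report(hosts).items():
        print(f"{host:30} {', '.join(certs) or 'NOT COVERED'}")
```

Both certificates cover gitlab.learningdollars.com without conflict, while the bare domain and nested subdomains are covered by neither and would need their own SAN entries.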
