Reduce Infrastructure cost with SSL wildcard certificate
Working in IT Infrastructure department, one topic you will always have it around on how to reduce the cost. In this article, I will talk about what is wildcard SSL certificate and how you can get benefited and reduce the IT Infrastructure cost.
What is wildcard SSL certificate?
A wildcard SSL certificate provides you a feature to secure multiple websites with a single SSL certificate. Wildcard SSL certificate is the best idea to use for sub-domains.
How does it work?
CN = domain.com CN = uat.domain.com
Wildcard SSL certificate is common for multiple unlimited sub-domains. For ex – to secure domain.com, uat.domain.com, sales.domain.com, you require one SSL certificate with following CN.
CN = *.domain.com
How does it reduce cost?
For ex, if you have 50 websites or web application and you are using traditional VeriSign EV SSL certificates, it would cost you around $75000 per year.
How about saving $73000 per year for just 50 websites? I am serious; you can do this by using wildcard SSL certificate. You can just buy one cert, which cost around $2000 per year and you can use for all your sub-domains.
If you are managing the large portfolio, you can calculate the saving you will have in IT infrastructure. Not to forget it also reduces the man-efforts in maintaining just single cert instead of many.
Wildcard SSL cert is available from most the SSL cert signer like VeriSign, Entrust, Thawte, Geotrust, etc.
If you are managing IT infrastructure and still using traditional SSL cert, you may get to think about this.
Who uses wildcard SSL cert?
Wildcard SSL cert is been used in many organization these days. Following are some of them.
How to get Wildcard Certificate?
You can use OpenSSL to generate a CSR and send the CSR to certificate authority to sign it for you.
To generate a CSR and Private Key
- Login into server where OpenSSL is installed
- Create or go to a directory where you want to keep the CSR & Key file
- Execute the following command to generate CSR and Private key with 2048 bits
openssl req -out certificate.csr -newkey rsa:2048 -nodes -keyout certprivate.key
[[email protected] test]# openssl req -out geekflare.csr -newkey rsa:2048 -nodes -keyout geekflare.key Generating a 2048 bit RSA private key .........................+++ ....+++ writing new private key to 'geekflare.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:SG State or Province Name (full name) :Singapore Locality Name (eg, city) [Default City]:Singapore Organization Name (eg, company) [Default Company Ltd]:Geek Flare Organizational Unit Name (eg, section) :Blogging Common Name (eg, your name or your server's hostname) :*.geekflare.com Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name : [[email protected] test]#
All you have to ensure is add a wildcard (*.) before the common name.
I hope this helps you to understand Wildcard certificate better. If you like this, please help to share with your friends.