Shares 13

Reduce Infrastructure cost with SSL wildcard certificate

Working in IT Infrastructure department, one topic you will always have it around on how to reduce the cost. In this article, I will talk about what is wildcard SSL certificate and how you can get benefited and reduce the IT Infrastructure cost.

What is wildcard SSL certificate?

A wildcard SSL certificate provides you a feature to secure multiple websites with a single SSL certificate. Wildcard SSL certificate is the best idea to use for sub-domains.

How does it work?

Traditional SSL certificate is unique per domain. For ex – to secure domain.com and uat.domain.com, you require two SSL certificate with following CN.

CN = domain.com CN = uat.domain.com

Wildcard SSL certificate is common for multiple unlimited sub-domains. For ex – to secure domain.com, uat.domain.com, sales.domain.com, you require one SSL certificate with following CN.

CN = *.domain.com

How does it reduce cost?

For ex, if you have 50 websites or web application and you are using traditional VeriSign EV SSL certificates, it would cost you around $75000 per year.

How about saving $73000 per year for just 50 websites? I am serious; you can do this by using wildcard SSL certificate. You can just buy one cert, which cost around $2000 per year and you can use for all your sub-domains.

If you are managing the large portfolio, you can calculate the saving you will have in IT infrastructure. Not to forget it also reduces the man-efforts in maintaining just single cert instead of many.

Wildcard SSL cert is available from most the SSL cert signer like VeriSign, Entrust, Thawte, Geotrust, etc.

If you are managing IT infrastructure and still using traditional SSL cert, you may get to think about this.

Who uses wildcard SSL cert?

Wildcard SSL cert is been used in many organization these days. Following are some of them.

Google

Facebook

Bluehost

How to get Wildcard Certificate?

You can use OpenSSL to generate a CSR and send the CSR to certificate authority to sign it for you.

To generate a CSR and Private Key

  • Login into server where OpenSSL is installed
  • Create or go to a directory where you want to keep the CSR & Key file
  • Execute the following command to generate CSR and Private key with 2048 bits
openssl req -out certificate.csr -newkey rsa:2048 -nodes -keyout certprivate.key

Ex:

[[email protected] test]# openssl req -out geekflare.csr -newkey rsa:2048 -nodes -keyout geekflare.key
Generating a 2048 bit RSA private key
.........................+++
....+++
writing new private key to 'geekflare.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:Singapore
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Geek Flare
Organizational Unit Name (eg, section) []:Blogging
Common Name (eg, your name or your server's hostname) []:*.geekflare.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] test]#

All you have to ensure is add a wildcard (*.) before the common name.

It will generate two files, you have to send CSR file to certificate authority so they will provide you signed the cert for implementation in your web server like Apache or Nginx.

I hope this helps you to understand Wildcard certificate better. If you like this, please help to share with your friends.

Shares 13

Reader Interactions

Comments

Your email address will not be published. Required fields are marked *