Can I use a single (non-wildcard) SSL cert on multiple hostnames of the same domain?
If I have test.example.com and prod.example.com (two hostnames, but same domain name) can I use the same SSL cert on both machines?
In the past when I tried using a prod.example.com cert on test.example.com it resulted in browser warnings for host-mismatch, which led me to believe that I needed a wildcard (or else multiple distinct certs). (Perhaps my mistake was in generating the CSR for prod.example.com rather than simply example.com?)
But the various SSL vendors' websites mention needing a wildcard cert for subdomains, which is not at all what I am using.
Is their language simply incorrect? (My cynical side wonders if this helps vendors sell more expensive certs...)
Solution 1:
You would need a certificate that supports the Subject Alternate Name field and you would have test.example.com in there for it to work in the example that you described.
A cert for example.com will not magically work for *.example.com like you are describing unless it is a wildcard cert, which you explicitly say that you do not have. The SAN field listing each sub-domain is what you need if you're not going to get a wildcard.
Solution 2:
> Is their language simply incorrect?

No, yours is.

> If I have test.example.com and prod.example.com (two hostnames, but same domain name)

These are not the same domain name. They are both separate domain names that happen to be subdomains of example.com.
A domain name is any name that exists at any level in the DNS, not just the ones you get from your domain registrar.
An SSL certificate can only cover:
- An exact domain name
- As above, but with additional "Subject Alternate Names", or
- Every sub-domain, i.e. a wildcard cert.
Hence you can't just get a cert for example.com and have it automatically cover the subdomains too.
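
Added example (not part of either answer): a simplified model of RFC 6125-style hostname matching, showing which of the hostnames discussed above each kind of certificate covers. The certificate name lists, host list and function names are constructed for illustration; partial wildcards such as `f*.example.com` are not modelled.

```python
# Simplified model of how a TLS client matches a hostname against the
# dNSName entries of a certificate (illustrative, not a TLS library).

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate dNSName pattern covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so "*.example.com"
        # covers neither "example.com" nor "a.test.example.com".
        return False
    if p[0] == "*":
        # Wildcard only as the whole leftmost label. Requiring two more
        # labels is a simplification that rejects patterns like "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(dns_names, hostname):
    """A certificate covers a host if any of its names matches."""
    return any(name_matches(n, hostname) for n in dns_names)

# Constructed sample certificates: name -> dNSName entries.
CERTS = {
    "single":   ["prod.example.com"],
    "apex":     ["example.com"],
    "san":      ["prod.example.com", "test.example.com"],
    "wildcard": ["*.example.com"],
}
HOSTS = ["example.com", "prod.example.com",
         "test.example.com", "a.test.example.com"]

def coverage_table():
    """Map each sample certificate to the hosts it would validate for."""
    return {cert: [h for h in HOSTS if cert_covers(names, h)]
            for cert, names in CERTS.items()}

if __name__ == "__main__":
    for cert, hosts in coverage_table().items():
        print(f"{cert:9} {CERTS[cert]} -> {hosts}")
```
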