If I create an SSL Certificate for secure.mydomain.com and I create the following DNS record:
alias.otherdomain.com CNAME secure.mydomain.com
so that alias.otherdomain.com points to secure.mydomain.com, will the SSL certificate be valid if I surf to https://alias.otherdomain.com?
Thanks
If you choose the CNAME URL implementation option, an SSL Certificate will be required for the new subdomain.
When both domains are in the SSL cert list, your CNAME can redirect with HTTPS. This is how CDN service providers such as Incapsula work with HTTPS. They just create a "Multi-domain" SSL cert for you. Anyway, this kind of SSL cert is for business use in most cases and is generally pretty expensive.
A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.
CNAME stands for Canonical Name. A common example is when you have both example.com and www.example.com pointing to the same application and hosted by the same server. To avoid maintaining two different records, it's common to create: An A record for example.com pointing to the server IP address.
CNAME Based Validation: CNAME DNS validation is the proof of establishing your control of the domain name for which you are requesting SSL. You should add a unique CNAME record to your DNS configuration to complete domain validation. Please check the example of GoDaddy DNS below.
What is a DNS CNAME record? The 'canonical name' (CNAME) record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address.
Whether your DNS entry uses a CNAME or an A record doesn't matter. What matters is the host name the client is trying to connect to. It must match one of the Subject Alternative Names in the certificate of the server providing that resource (or, failing that, it must match the CN RDN of the cert's Subject DN).
A CNAME is not a redirect per se. It's just a record type in DNS, also known as a DNS alias. The DNS protocol is ultimately about mapping names to IP addresses. The most common record type is an "A" record, which is a one-way mapping of Name to IP.
No, it won't. The browser (or other application) will request alias.otherdomain.com and will compare this particular name to contents of presented certificate. The application knows nothing about your DNS aliases.
Update: Donal Fellows reminds me about multidomain (including wildcard) certificates. Some (but not all) CAs offer such certificates so if you buy one of those, then your scheme will work. But otherwise my answer applies.
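The check the answers above describe, as an added Python example (not code from the original page or from any of the quoted sources). The certificates, the CNAME table and the function names are constructed for illustration, and the matcher is a simplified form of client host name verification (exact names plus a whole left-most wildcard label).

```python
# Constructed sample data: the DNS alias and certificates from the question.
CNAME = {"alias.otherdomain.com": "secure.mydomain.com"}  # DNS only, never consulted by the TLS check

SINGLE = {"cn": "secure.mydomain.com", "san": ["secure.mydomain.com"]}
MULTI = {"cn": "secure.mydomain.com",
         "san": ["secure.mydomain.com", "alias.otherdomain.com"]}
WILDCARD = {"cn": "*.otherdomain.com", "san": ["*.otherdomain.com"]}
LEGACY = {"cn": "secure.mydomain.com", "san": []}  # no SAN entries: CN fallback applies


def _name_match(pattern: str, host: str) -> bool:
    """Match one name presented in the certificate against the requested host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard accepted only as the whole left-most label of a 3+ label name.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels  # partial wildcards such as f*.x are treated as literals


def cert_valid_for(cert: dict, requested_host: str) -> bool:
    """Verify the name the client asked for, not whatever DNS resolved it to."""
    names = cert["san"] if cert["san"] else [cert["cn"]]  # CN only when no SAN exists
    return any(_name_match(n, requested_host) for n in names)


def resolve(host: str) -> str:
    """Follow the constructed CNAME chain, as a resolver would."""
    seen = set()
    while host in CNAME and host not in seen:
        seen.add(host)
        host = CNAME[host]
    return host


if __name__ == "__main__":
    asked = "alias.otherdomain.com"
    print("DNS resolves", asked, "to", resolve(asked))
    for label, cert in [("single-name", SINGLE), ("multi-domain", MULTI),
                        ("wildcard", WILDCARD), ("legacy CN-only", LEGACY)]:
        print(f"{label:15} valid for {asked}: {cert_valid_for(cert, asked)}")
```

The resolved target never enters `cert_valid_for`, which is why the single-name certificate fails for the alias while the multi-domain and wildcard certificates pass.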