Single SSL Certificate, Multiple Sites?

Question

I asked this as part of another question but feel like it should have its own:

With a shared hosting plan, is there any way to secure multiple domains (assuming the host allows multiple domains under a single plan) with a single SSL certificate? I know that private SSL certificates require a dedicated IP but I am looking for work-arounds (I'd rather not sign up for extra/better plans to keep costs cheap and I really do not want to outsource authentication..as in with OpenID). Any ideas?

(I don't think wildcard certs are an option as they are very expensive...)

Answer 1

Like I mentioned in your other question, just ask your host for a dedicated IP for each domain that needs SSL. That's a fairly basic request. If they can't do that, then perhaps it's time to go shopping for a different host, as it seems you've outgrown what your host can provide for you.

Answer 2

Basically no, not in a shared hosting plan.

When you have multiple web sites sharing an IP the server knows which site to route to by the Host header. SSL encrypts the entire request and response, including the host header - and a web server does not know which SSL certificate to use to crack open the message before attempting to route it - this is why an SSL site must have a dedicated IP address.

Answer 3

As for costs: whether certificates cost you anything depends on whether you use self-signed ones, or certificates from a free CA, or certificates from an expensive CA. Of course, for self-signed or free CAs, your users would have to confirm that they trust the CA in the web browser. Take a look at CACert for inexpensive certificates.

As for your original question: the approach recommend by RFC 3280 is to fill all the host names into the subjectAltName extension, see section 4.2.1.7 of the RFC. Whether or not a CA is willing to issue to you a certificate with that extension filled out depends on the CA again.