Getting SSL certificate for a subdomain on a separate server (with dedicated IP)

Question

My main site https://example.com has an SSL cert, no problem.

Now, I have developped a related application, that is hosted on a completely different server, and under : app.example.com. It has a dedicated IP.

The app uses websockets and needs SSL to function properly acros all devices. But I'm having trouble finding out how to register a new certificate for a subdomain... What's the strategy here? Should I have a wildcard cert on the main server, and somehow redirect from there? In that case, the app server wouldn't have access to the cert, and I wouldn't be able to create my secure socket connection, right?

Answer 1

You can go for a wild card certificate and bind it to all the URL's who share the same domain. But keep in mind, the wildcard certificates (irrespective of any brands) supports unlimited first level sub domains .

Wild card certificates can be installed on any server where the FQDN is hosted. In situations where the the sub domains are hosted on multiple servers, the wildcard certificate will work for all of them.

Answer 2

The certificate has to be installed where the server which provides content using this certificate. This means

• That the certificate for the subdomain has to be used on all servers which serve the subdomain, i.e. your websocket server.
• And nowhere else, i.e. it is not needed at the main domain just to provide a redirect from the main domain away.

You are free to use any certificate which matches the subdomain, that is it can be a wildcard certificate but can also be specific for only this domain.