如果所有子域都指向网站根目录，是否需要通配符 SSL 证书 [英] Is a wildcard SSL cert necessary if all sub-domains point to the website root

问题描述

我对 SSL 证书完全陌生，需要尽快购买.当子域开始发挥作用时，价格似乎会大幅上涨.

I am completely new to SSL certificates and need to purchase one pretty soon. There seems to be a huge price increase when sub-domains come into play.

我的问题是:

我设置了我的网站，以便通过 htaccess 将 username.domain.com 重写为 domain.com?user=username

I have my site set up so that username.domain.com is rewritten via htaccess to domain.com?user=username

如果我的网站设置为所有子域都是虚拟的并指向同一位置，我是否需要购买通配符 SSL 证书?

If I have my web site set up so that all sub-domains are virtual and point to the same location, do I need to buy a wild-card SSL Cert?

推荐答案

如果您希望用户能够通过访问 https://username.domain.com 并在同一个域下浏览(这意味着他们将始终向 https://username.domain.com)，那么您将需要一个通配符 SSL 证书.如果您只是为 domain.com 安装了 SSL 证书，那么该请求将没有机会被您的服务器重写.浏览器会首先抛出安全异常，因为证书上的域与正在查看的域不匹配.

If you want the user to be able to view your site by visiting https://username.domain.com and browse under that same domain (meaning they'll always be making requests to https://username.domain.com), then you're going to need a wildcard SSL certificate. If you just have an SSL certificate installed for domain.com, then the request will not have the chance to get rewritten by your server. The browser will throw a security exception first, since the domain on the certificate does not match the domain being viewed.

如果您不介意让用户通过 https://domain.com?user=username 浏览您的网站，那么您可以让他们先访问 http://username.domain.com 然后将它们重定向到 https://domain.com?user=username.然后所有安全浏览都必须在 https://domain.com 下进行，这样就不需要通配符了证书.

If you don't mind having your users browse your site at https://domain.com?user=username, then you could have them first visit http://username.domain.com and then redirect them to https://domain.com?user=username. Then all secure browsing would have to take place under https://domain.com, and that would eliminate the need for a wildcard certificate.

当您购买 SSL 证书时，我建议您寻求技术支持并由他们运行您的方案.我发现 Digicert 在这方面非常有帮助(不，除了作为客户之外，我与他们没有任何从属关系)，但我相当确定他们会确认您需要通配符证书.

When you go to purchase your SSL certificate, I would recommend asking for tech support and running your scenario by them. I've found Digicert to be very helpful in this regard (and no I do not have any affiliation with them other than being a customer), but I'm fairly certain they will confirm that you need a wildcard certificate.

这篇关于如果所有子域都指向网站根目录，是否需要通配符 SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！