How to install wildcard certificates on multiple servers

If you have a wildcard certificate (for example *.randomhacks.co.uk) you might need to install it on multiple servers which host the different subdomains.

Basically, don’t rekey the certificate for each server; just copy the same key and certificate files across all the servers. If you rekey the certificate each time, you will invalidate any certificates that used the old key.

Typically you would need to copy these files:

/etc/ssl/private/wildcard.randomhacks.key
/etc/ssl/private/wildcard.randomhacks.sf_bundle.crt
/etc/certs/wildcard.randomhacks.crt
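As an added example (this is not a script from the original post), here is a small POSIX shell script that does the copy described above safely: it first checks that the private key and certificate actually belong together, stages the three files with the permissions they need (the key readable only by root, the certificates world-readable), and then pushes the staged tree to each server. The file names are the ones listed above; the hostnames, the use of root over ssh, and the staging directory are assumptions you would adjust for your own setup.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes: the three files
# listed in the post, ssh access as root to each target host, and openssl
# available locally for the key/cert consistency check.
set -eu

# Confirm the private key and certificate belong together by comparing the
# public key each of them carries. Returns 1 on mismatch or if openssl fails.
key_matches_cert() {
    key="$1"; crt="$2"
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Copy the three files from a source directory into a staging tree that
# mirrors the target layout, setting the final permissions: the private
# key is 0600 (root only), the certificates are 0644 (world-readable).
stage_cert_files() {
    src="$1"; dst="$2"
    mkdir -p "$dst/etc/ssl/private" "$dst/etc/certs"
    install -m 0600 "$src/wildcard.randomhacks.key" \
        "$dst/etc/ssl/private/wildcard.randomhacks.key"
    install -m 0644 "$src/wildcard.randomhacks.sf_bundle.crt" \
        "$dst/etc/ssl/private/wildcard.randomhacks.sf_bundle.crt"
    install -m 0644 "$src/wildcard.randomhacks.crt" \
        "$dst/etc/certs/wildcard.randomhacks.crt"
}

# Push the staged tree to one host. tar -p preserves the modes set above,
# so the key lands on the remote server already locked down.
push_to_host() {
    staged="$1"; host="$2"
    tar -C "$staged" -cf - etc | ssh "root@$host" tar -C / -xpf -
}

# Usage (only runs when invoked as: sh deploy.sh deploy web1.example web2.example).
# Hostnames are placeholders; the source paths are the ones from the post.
if [ "${1:-}" = "deploy" ]; then
    shift
    key_matches_cert /etc/ssl/private/wildcard.randomhacks.key \
                     /etc/certs/wildcard.randomhacks.crt \
        || { echo "private key does not match certificate, refusing to deploy" >&2; exit 1; }
    staged=$(mktemp -d)
    # Build the staging tree from the server that holds the original files.
    mkdir -p "$staged/src"
    cp /etc/ssl/private/wildcard.randomhacks.key \
       /etc/ssl/private/wildcard.randomhacks.sf_bundle.crt \
       /etc/certs/wildcard.randomhacks.crt "$staged/src/"
    stage_cert_files "$staged/src" "$staged/tree"
    for host in "$@"; do
        push_to_host "$staged/tree" "$host"
    done
    rm -rf "$staged"
fi
```

The mismatch check is the important part: if someone has rekeyed on one server, the key and certificate no longer share a public key, and the script refuses to spread the broken pair to the others.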

Note: GoDaddy lets you use their wildcard certificates across an unlimited number of servers. However, if you are using another certificate provider you might need to check that they don’t impose a limit.

2 thoughts to “How to install wildcard certificates on multiple servers”

  1. Copy the response files back to the same server you used to make the certificate request (it holds the private key and you only provided the public key to be signed in the request). Using the same application you made the request with, you should “complete” the request. Repeating a certificate request involves importing the certificate reply into your server so it will now contain a public signed key and the private key (will be associated with the public key). If it’s Windows, you can export the certificate (containing both the public and private key) in a PKCS format (extension pfx). You are required to password protect it when exporting. If it’s Linux, you should find the public and private key likely in /etc/ssl/certs and /etc/ssl/private. The utility openssl is capable of converting between the two if you need to place it on a different OS platform.
