SSL question

I have a website hosted on a regular hosting with my own IP and I purchased COMODO SSL for a year via my hosting provider. I have a primary domain and couple of add-on domains. Add-on domains are completely different domains residing in separate folders of my primary domain (kinda like sub-directories).

I don’t really need SSL all that bad. I would probably use PayPal which has its own secured interface for credit card online transactions. BUT…what I do need is to be able to login securely into my Joomla backends where I enter my admin credentials. Obviously, SSL that I have is connected to my primary domain (hoster doesn’t provide SSL for add-ons anyway). The good news is that I’m somehow being able to
use SSL on my add-ons’ backends. I force SSL in Joomla configuration for a backend of Joomla and it seems to be working fine. The only thing is…browsers show me a warning messages that I simply ignore since I know what it’s about. The warning is because the certificate was issued for a different domain (ie. my primary one only).

The question is…anyone can explain it and do you think SSL would work fine for ALL of the domains (one primary and 2 add-ons)?


I have done the same thing (for a different reason, obviously) as I offer to share my SSL with my website clients. Since they, too, are in cPanel Addon domains, their clients can access via [noparse]https://MyDomain/AddonDirectory/SecurePage(s)[/noparse]. That does not generate a warning although it does display my domain as the SSL’s owner but it does allow the clients’ secure page(s) to be secure (under my SSL). It’s worked fine for many years.

What I perceive that you’ve done is simply force an https:// protocol on client pages which, while providing an encrypted link (I hope it does that), browsers dutifully report a non-secure (not validated by an SA) situation. It’s as if you’ve “self-signed” a certificate for your clients.

IMHO, if they need an SSL, charge them for it and do it properly.



Thanks for your reply!
SA? You probably meant - CA…
Well, for a client I won’t do that, of course! Those add-ons are just my own other sites.
I could do what you proposed, but I kinda prefer to see a correct domain as opposed to primary/add-on/secure pages.
As a matter of fact, just for a login I’m considering a FREE option of private self-signed cert.
Would save me 50$ a year…

Most of the hosting providers offer shared SSL on their hosting packages. With Shared SSL, the URL may look something like this:

[noparse]https: //[/noparse]

Its a good alternative to secure your addon domains.



Good thread!



The importance of sub-domains cannot be ignorable. The SSL certificate is attached to the server and qualified domain name (FQDN) of the website. You must need one certificate per FQDN that you are searching to secure. If the certificate’s common name and the FQDN on your website do not correspond, users will get an error message. In this case you website should secure with wildcard certificate which will secure your primary domain including all sub-domains.