How do I cover multiple domains with SSL certificates

Frequently there is a need to cover more than one domain on your Acquia Cloud site(s) under SSL so that they're reachable via https://... URLs. This article details some limitations and tips on how to achieve that.

Acquia Cloud Professional Customers

Since Acquia Cloud Professional applications are limited to one SSL certificate per environment (dev/stage/prod), if you need multiple domains covered under SSL, you will need to upload a single SSL certificate to the environment. (See https://docs.acquia.com/acquia-cloud/manage/ssl/cert/#cloud-install-ssl-cert).

• One option is a Wildcard Certificate which covers any domain that matches a root domain.
  • For example, a Wildcard cert for *.domain.com would secure example1.domain.com, example2.domain.com, etc.
  • For more info see http://www.networksolutions.com/SSL-certificates/wildcard-certificate.jsp
• Another option is a Unified Communications Certificate (UCC), which covers multiple domains.
  • A UC Certificate is also known as "Multi-Domain Certificate" or "SAN Certificate".

Please consult your SSL vendor to determine what options are available to you.

Note that you can use the same certificate for different applications/environments. This means that if you already own a single certificate that protects all your domains (including non-production), you can upload that certificate to each environment on each application via the Acquia Cloud UI.

Be aware, wild card domains will only cover a single sub-domain as seen in the example below,

• This will work *.domain.com (www.domain.com)
• This will not work *.*.domain.com (www.qa.domain.com)

Workarounds

If you want to avoid getting a Wildcard or UCC Certificate, there are some workarounds you can try:

• For testing purposes, since Acquia Cloud lets you have a different certificate per environment, you could opt to test an existing certificate there (and then replace the original afterwards).
  • It may be necessary to talk to your DNS provider to point DNS to a different IP.
• If you were to route traffic through a CDN (such as Acquia Cloud Edge) then that CDN offering may let you have individual/different SSL certificate per each domain.
• You could also use an additional application within your Acquia subscription, which can have a different SSL certificate than your original application.

Acquia Cloud Enterprise and Site Factory Customers

Acquia Cloud Enterprise and Site Factory supports the use of multiple active certificates on each environment. See our installation instructions.