dns - SSL certificate for CNAME record

06
2014-04
  • user269586

    I have the CNAME record images.bob.com, which points to the images.susan.co.uk (images.bob.com. 1800 IN CNAME images.susan.co.uk.). I would like to ask for issuing SSL certificate for the alias.bob.com. Is that possible?

    I have files hosted on images.susan.co.uk, which I access through the alias images.bob.com. The domain records/ownership images.susan.co.uk itself is not mine and it is not under my control.

    Will be the SSL certificate issued to me? Could I deploy the images.bob.com SSL certificate on the web server, which runs on the images.susan.co.uk? Will that work?

    Thanks a lot Regards, STeN

    • Answers
    Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

    Related Question

    ssl certificate - Heroku Hostname based SSL: How does it work?
  • Ruben Vermeersch

    Heroku offers the option to use Hostname based SSL. Apparently this is a solution which they use to offer multiple SSL hostnames on the same IP address, without using SNI (which doesn't work on Windows XP).

    From the website:

    Hostname based SSL works with all browsers. Use it when you will be accessing you site via SSL on a subdomain such as www.myapp.com, secure.myapp.com or *.myapp.com. Hostname based SSL will not work with root domains as it relies on CNAME aliasing of your custom domain names. CNAME aliasing of root domains is an RFC violation.

    So how exactly does this work? Does it mean that they request you to add a CNAME alias to your domain and then issue a certificate for the CNAME (e.g. www.mydomain.com -> secure.heroku.com, upon visiting www.mydomain.com, a certificate for secure.heroku.com is presented). Does such a thing work? If it does not do that, then what does it do?


    • Related Answers
  • Jason Green

    We have done a writeup on how to do this here:

    http://blog.dynamic50.com/2011/02/15/ssl-on-wildcard-domains-on-heroku-using-godaddy/