Forum Discussion
NimbostratusWildcard Certificate
Assuming all your sub-domains are first-level, you're good to go with the wildcard certificate. Just don't include any sub-domains (SANs) with your purchase requests, you really don't have to, and it might be the reason you received misleading information from them. Any first-level sub-domains will automatically be covered by the wildcard certificate.
With a wildcard certificate, your second-level sub-domains will not be covered (e.g. "https://mysecond.myfirst.maindomain.com"); neither will "https://maindomain.com" be covered.
I recommend reading the information here to learn more about wildcards & sub-domains: https://www.digicert.com/ssl-support/wildcard-san-names.htm
NimbostratusThank You Hannes, but this solve one part of my question.
Second part is this about additional server licenses, am I need them, because I am installing certificate only on one server (in this case F5), I am stuck with Thawte, I am not able to change certificate now.
Hannes_RappYou have only 1 server and no additional server licenses are required if you have a standalone F5 terminating all SSL connections. I've not worked with Thawte before, and in case of an active-standby (or active-active) cluster I'd recommend clarifying whether you are required to pay for an additional server license.- Alen_Ismic_1869I'll use high availability mode, there is two F5 BIG IP which will terminating all SSL connections.
