Subdomain multisite configuration with SSL cert

  • Resolved brookt

    (@brookt)


    11 years, 3 months ago

    I am trying to secure a subdomain multisite instance with an SSL certificate. I want to secure both the domain (wp.example.com) and all the subdomains (*.wp.example.com). How can I do this with one certificate?

    I have a wild-card cert that only secures *.wp.example.com which leaves the network admin login wp.example.com unsecured.

    I read this post which indicates installing a single cert for wp.example.com and forcing ssl_login would cause subdomain logins to login to wp.example.com/wp-login.php. But that isn’t working either – site logins still go to site.wp.example.com/wp-login.php.

    So how can I secure both wp.example.com and *.wp.example.com with a single cert? Is this even possible?

    How do other people ssl secure both the network admin login and individual site admin logins?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Do you enable ssl on wp login page?

    If not then try it because this is not happened because of your Wildcard SSL Certificate

    In wordpress your every subdomains have private wp admin and wp login page so you need to enable ssl in every login or admin pages also.

    Wildcard SSL secures your primary domain name (wp.example.com) or unlimited sub domain for that primary domain name (*.wp.example.com)

    Here is the link which will explain you more detail on Wildcard SSL Certificate: https://www.clickssl.com/blog/what-is-wildcard-ssl-certificate/

    Hope you will find your answer.

    Thread Starter brookt

    (@brookt)

    Thank you. I was forcing ssl login but was using the cert for wp.example.com instead of *.wp.example.com

    I switched to the wild-card certificate and everything works.

    Thread Starter brookt

    (@brookt)

    I think I spoke too soon and the fact that it worked was due to a previous acceptance of the certificate warning.

    Everything I see regarding wildcard certs says they protect all the subdomains(*.wp.example.com) but nothing indicates they protect the “root” domain(wp.example.com). Even wordpress.com has two certificates depending on where you login. If you login at wordpress.com, its cert is for wordpress.com. If you login at site.wordpress.com, its certs is for *.wordpress.com.

    However, it appears you can add a Subject Alternative Name (SAN) when the cert is created. Adding *.wp.example.com as a SAN to our wp.example.com certificate worked.

    Links regarding SAN:
    SAN Link 1
    SAN Link 2

    Yes, I do agree with you brokt,

    GeoTrust Wildcard SSL can secure your wp.example.com for free when you order for *.wp.example.com

    Check this link
    https://www.geotrust.com/ssl/wildcard-ssl-certificates/
    https://www.clickssl.com/ssl-certificates/geotrust/truebusinessid-wildcard

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Subdomain multisite configuration with SSL cert’ is closed to new replies.