Multiple Subdomain SSL Certificates

TL;DR

You can absolutely use SSL certificates from different providers for multiple subdomains of the same main domain. This guide explains how to generate Certificate Signing Requests (CSRs) for each subdomain, purchase the certificates, and install them on your server.

Steps

  1. Understand CSR Generation: Each subdomain needs its own unique CSR. The CSR contains information about your domain and is used by the SSL provider to create the certificate.
    • The process for generating a CSR varies depending on your web server (Apache, Nginx, IIS etc.).
    • You’ll typically use a command-line tool or your server control panel.
  2. Generate the First Subdomain’s CSR: Let’s say you want certificates for sub1.example.com and sub2.example.com.

    Example using OpenSSL (common on Linux):

    openssl req -new -keyout sub1.key -out sub1.csr

    You’ll be prompted for information like Country Code, State, Locality, Organisation Name, Common Name (this must be sub1.example.com), and Email Address.

  3. Generate the Second Subdomain’s CSR: Repeat step 2 for sub2.example.com.

    openssl req -new -keyout sub2.key -out sub2.csr

    Again, ensure the Common Name is sub2.example.com.

  4. Purchase Certificates: Choose two different SSL providers (e.g., Sectigo, DigiCert, Let’s Encrypt).
    • When purchasing, you’ll need to submit the CSR for each subdomain separately.
    • Select the appropriate certificate type. Choose Single Domain for each subdomain; a Wildcard certificate won’t work here because you want different providers.
  5. Install the First Certificate: Once you receive the certificate files from provider 1 for sub1.example.com, install it on your server.
    • This usually involves copying the certificate file (.crt or .pem) and intermediate certificates (if provided) to a specific directory on your server.
    • You’ll also need to configure your web server to use this certificate for sub1.example.com.
  6. Install the Second Certificate: Repeat step 5 for the certificate from provider 2 for sub2.example.com.
    • Ensure your web server configuration points to the correct certificate and key files for each subdomain.
  7. Configure Your Web Server: This is crucial. You need separate virtual host configurations (or similar) for each subdomain, pointing to their respective SSL certificates.

    Example Apache configuration snippet (sub1.example.com):

    <VirtualHost *:443>
      ServerName sub1.example.com
      DocumentRoot /var/www/sub1
      SSLEngine on
      SSLCertificateFile /etc/ssl/certs/sub1.crt
      SSLCertificateKeyFile /etc/ssl/private/sub1.key
    </VirtualHost>

    Repeat this for sub2.example.com, changing the paths to its certificate and key files.

  8. Restart Your Web Server: After making configuration changes, restart your web server (e.g., Apache or Nginx) to apply them.

    sudo systemctl restart apache2
  9. Verify Installation: Use an SSL checker tool (like SSL Labs’ SSL Server Test: https://www.ssllabs.com/ssltest/) to confirm that both certificates are installed correctly and working for their respective subdomains.
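
With two keys, two CSRs and two providers, the easy mistake is pairing one subdomain's key with the other's CSR or certificate. The script below is an added example, not part of the original guide: it generates both CSRs without prompts and checks that each CSR carries its own key's public key and the intended Common Name. The function names and file layout are assumptions, and it uses -nodes (an unencrypted key) so it runs unattended, unlike the interactive commands in steps 2 and 3.

```shell
#!/bin/sh
# Added example (not from the original page). Hostnames are the page's examples;
# file layout and function names are assumptions made for this sketch.

# make_csr HOST DIR: write DIR/<label>.key and DIR/<label>.csr without prompts.
# -nodes leaves the key unencrypted so the script runs unattended; umask 077
# keeps the key file readable by its owner only.
make_csr() {
    host=$1; dir=$2; label=${host%%.*}
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
          -keyout "$dir/$label.key" -out "$dir/$label.csr" 2>/dev/null )
}

# csr_cn CSR: print the Common Name in the CSR subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*$/\1/p'
}

# check_pair HOST KEY CSR: succeed only if the CSR carries KEY's public key
# and names HOST. Returns 2 on a key mismatch, 3 on a name mismatch.
check_pair() {
    want=$1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$3" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ] || return 2
    [ "$(csr_cn "$3")" = "$want" ] || return 3
}

# Demo in a throwaway directory (constructed data, nothing is submitted to a CA).
work=$(mktemp -d)
for h in sub1.example.com sub2.example.com; do
    make_csr "$h" "$work" && check_pair "$h" "$work/${h%%.*}.key" "$work/${h%%.*}.csr" \
        && echo "$h: key and CSR match"
done
# Simulate the mix-up: sub2's key offered with sub1's CSR must be rejected.
check_pair sub1.example.com "$work/sub2.key" "$work/sub1.csr" ||
    echo "swapped pair rejected (code $?)"
rm -rf "$work"
```

The same public-key comparison works on an issued certificate before installing it: replace the `openssl req -in ... -noout -pubkey` call with `openssl x509 -in sub1.crt -noout -pubkey`.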