Using single SSL Certificate on multiple hosts?

Explorer

Hi all,

Currently in the cluster we have different host certs for each host of the cluster. Is it possible to configure a single SSL cert for all the hosts? (This is to avoid generating multiple CSRs and getting them signed.)

1) Is it possible?

2) How if possible.

3) Possible security concerns?

Regards,

Arpan

1 ACCEPTED SOLUTION

Re: Using single SSL Certificate on multiple hosts?

Contributor

@Arpan Rajani Yes, you can use a wildcard certificate - see https://en.wikipedia.org/wiki/Wildcard_certificate

If you're using a CA authority then most will generate wildcard certificates for you. If you're using an internal CA or self-signed certificates then this link shows you how: https://serversforhackers.com/self-signed-ssl-certificates

In terms of using it for Hadoop, it is used in the same way as a regular certificate but you only have one certificate for all the services.

The main security issue with this is that if someone gets hold of the certificate they can install it on any host in your network that matches the domain in DNS (for example *.example.com) and get a valid certificate on that host.

Re: Using single SSL Certificate on multiple hosts?

Explorer

@Terry Stebbens Thanks Terry for the quick response.

We are using a third-party CA (not self-signed ones).

Currently, while generating the CSR, we gave Common Name = {hostname}

$hostname yields: abc-xyz-001.CompanyName.COM

Instead, when we give CN = *.CompanyName.COM, do we need to get a domain set up in DNS to handle this?

Thanks,

Arpan

Re: Using single SSL Certificate on multiple hosts?

New Contributor

@Arpan Rajani there are many ways you can do this...

If you have only first-level subdomains, then wildcard certificates are available to cater to your requirements. And in case you have multiple domains, each of which may have first-level subdomains, then look for multi-domain wildcard SSL certificates.

Check this website; they provide a variety of SSL certificates and they have a good tech team to help you. Also, you can buy an SSL certificate online.

Also, they have some good tools which can help you with CSR generation.

Thanks.
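
The thread's points about "first-level subdomains" and about a wildcard certificate being valid on any host that matches the domain can be checked mechanically. The following is an added example, not part of any post: it applies the strict wildcard rules of RFC 6125 section 6.4.3 (the `*` is the whole left-most label and stands for exactly one label) to a host list. The function names are hypothetical, and every hostname except `abc-xyz-001.CompanyName.COM` is constructed for illustration.

```python
# Added example: which hostnames a wildcard certificate name covers.
# Assumption: strict client behaviour per RFC 6125 section 6.4.3.
# Partial wildcards such as "abc*.example.com" are rejected here.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans label boundaries, so label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if "*" not in pattern:
        return p_labels == h_labels  # ordinary exact, case-insensitive match
    # Wildcard allowed only as the complete left-most label, with at least
    # two fixed labels after it (so "*.com" is never accepted).
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]


def coverage(pattern: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether one certificate for `pattern` covers it."""
    return {h: wildcard_matches(pattern, h) for h in hostnames}


# Constructed host list; only the first name appears in the thread.
CLUSTER_HOSTS = [
    "abc-xyz-001.CompanyName.COM",   # first-level name: covered
    "abc-xyz-002.companyname.com",   # first-level name: covered
    "nn1.prod.companyname.com",      # two labels deep: not covered
    "companyname.com",               # bare domain: not covered
    "abc-xyz-001.othercompany.com",  # different domain: not covered
]

if __name__ == "__main__":
    for host, ok in coverage("*.CompanyName.COM", CLUSTER_HOSTS).items():
        print(f"{'covered    ' if ok else 'NOT covered'}  {host}")
```

Every name reported as covered is a host on which the same certificate and private key would be accepted, which is the exposure the accepted answer describes.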