|How does shared SSL work?
In order to understand how shared secure certificates work we need to understand a few basic SSL characteristics.Standard SSL certificates are created to function with one unique fully qualified domain name (FQDN). This is the base domain name plus any prefix (sub domain). The standard SSL certificate needs to be addressed at this specific FQDN or it will produce errors messages.Table A – Standard SSL Access (ourshop.com ficticious hosting company)
Table “A” shows how in a standard SSL situation, a secure certificate is only valid with the complete domain portion of the web address. A Wild Card Certificate however, allows access from any subdomain. ** Each of the URLS in the “invalid url” column are valid with a wild card certificate for “ourshop.com”. Purchasing a wild card certificates is usually much more expensive than a standard certificate.
Shared SSL usually takes one of the following forms:
Note: in each of these situations the URL that is being used during secure processing combines some type of user identifier along with one of the hosting company’s domain names. A web site hosting company’s particular shared ssl method may be a variation of the above. You should ask what form of shared ssl your prospective host is using before you sign up. The advantage in the first type of shared ssl using the wild card certificate is that you have more flexibility.
Table B – Shared SSL using a standard NON Wild card Certificate
Table “B” shows the shared secure certificate method using a single FQDN certificate. In this example we used a seperate domain name to handle shared secure processing though this is not always the case. We could have used a sub-domain such as “https://secure.ourshop.com/abcdef/” instead. The “path” method of shared SSL using a standard single domain certificate is not our prefered method. We like to see shared SSL using wild card certificates that point to the customer’s main document directory. The wild-card method (number “1” above) allows us greater flexibility and the URL looks a bit more professional.
There are a number of variations on these examples. In practice, most hosting companies that offer shared secure certificates use some form of what we’ve shown here.