Jewelion: wildcard on https

November 17, 2017

Never being ones to let the grass grow under their feet, jewelion.com has had an SSL certificate for a long time now. More years than we care to remember.

Right from the start when we first started hosting eCommerce sites we decided that SSL was A Good Thing™. Back then each SSL-protected site had to have its own IP address - due to the way the https protocol then worked. A work-around for some of our customers who didn’t have the necessary IP address was to set up a secure subdomain using the jewelion.com name and run the bits of their sites which needed SSL off that.

Now Server Name Indication (SNI) enables multiple certificates to be used on the same IP address, at a stroke removing a major barrier to widespread SSL adoption by websites using shared servers. It’s not a completely free ride: some older browsers and mobile phones can’t cope with it.

For whatever reason it has always been required that the certificate be generated to identify or validate only one domain name. Thus, in the dim and distant past, secure.jewelion.com was the domain chosen for our SSL certificate.

As the renewal date loomed and it was no longer possible to put it off, the thought that it would be good to have a completely SSL site started to grow. Certainly, I don’t think that reading this tangled prose could in any way be a black mark on someone’s character, but the fact that Google likes sites to be SSL is certainly a big incentive. Any SEO juice we can get for a reasonable effort is more than welcome.

How many certificates?

As far as https is concerned, jewelion.com is not the same as www.jewelion.com which is not the same as secure.jewelion.com. To cover those three possibilities we’re going to need three separate certificates, unless there’s some other way of doing it.

Enter the wildcard

Fortunately you can use what is called a wildcard SSL certificate, where one certificate will cover not only jewelion.com but also www.jewelion.com, secure.jewelion.com and anythingelseyoucanthinkof.jewelion.com.

The only(!) drawback is the price. Wildcard SSL certificates cost more. Up to 10 times or more. If you pay list price, it could prove cheaper simply to buy one for each variant. The multiple SSL certificate approach, though cheaper at the outset, brings its own issues like manageability and administrative overload.

This is the Internet - shop around!

Assuming you’re just looking for a basic SSL certificate, something to secure your website and provide reassurance to your customers, then there’s not a lot of benefit to going top-end. It’s not like an engineering product with workmanship; it’s just a file with numbers in it.

(There may be differences in different SSL certificates from different Certificate Providers and that could be the subject for a future blog post. For now, we’re keeping it simple.)

Provided your visitors get the little green padlock and their chosen browser doesn’t complain, then, for the purpose of this exercise, that’s all that matters.

The chosen ones

We found these people, SSL 2 Buy, with whom we have no relationship, no kickbacks, no affiliate deals. The certificate we bought (their cheapest) is the one protecting this site.