Can SSL Certificate be used on Multiple Servers (How to do it)?

While visiting a website, you have probably seen a padlock sign beside the website URL. This padlock indicates that the website is SSL certified. For those who don’t know what an SSL certificate is: an SSL (Secure Sockets Layer) certificate authenticates a website and enables an encrypted connection. In short, the data transmitted through such SSL-enabled websites is encrypted and safe. Usually, every website on the internet uses this certificate to ensure zero user privacy breaches. If you are a website owner with multiple servers, though, one question has surely crossed your mind: “Can SSL certificate be used on multiple servers?”

Let’s find out!

Can SSL Certificate be used on Multiple Servers?

Yes, you can use a single SSL certificate on multiple servers without any problem, although the maximum number of allowed servers depends entirely on the Certificate Authority (CA) and Certificate License (CL).

But, how to install an SSL certificate on multiple servers? Read next to find out!

How to set up a single SSL certificate on Multiple Servers?

Now that the answer to “Can SSL certificate be used on multiple servers?” is yes, you are probably wondering how to set up a single SSL certificate on multiple servers.

To start with, install the SSL certificate files on the server where the certificate was originally generated. Then import the files, along with the private key, on each of the other servers. Each server will then have its own copy of the SSL certificate and its private key installed. This method is known as the Import/Export method.

Because this process involves copying the key onto other servers, it must be done carefully so that your private key is not exposed. The key can be copied over SSH, or it can be packed together with the certificate in a PFX file protected by password-based encryption. This gives the key decent protection while it is transferred between the two servers, provided the password is random enough.

Note: If the secondary server is of a different type from your original server, you can ask your CA (Certificate Authority) to create a duplicate of the certificate file that is compatible with the new server type. This method is known as the Issue/Reissue method.

Which method should you use for different Server types?

The method you should use to install the SSL certificate depends on the types of the servers involved.

For example, you should use the Import/Export method for Windows-to-Windows servers like IIS and Exchange, because it is super easy to back up your SSL keys to a PFX (Personal Information Exchange) archive. A PFX file is a single, password-protected certificate archive that contains the entire certification chain along with the matching private keys. That single file is all a Windows server needs to import a certificate and its private keys. Similarly, you can use the Import/Export method for Java-to-Java servers.

Apache-to-Apache and NGINX-to-NGINX servers, however, do not store their SSL/TLS certificates and the corresponding private key files in a single repository file, so the Issue/Reissue method is recommended for them. Also, if you are using Brand-X to Brand-Y servers, you should again opt for the Issue/Reissue method, because you don’t want to waste time converting a PFX certificate archive to a Java Keystore archive.

Can SSL certificate be issued to IP address?

The short answer is YES, you can easily get an SSL certificate issued to an IP address, but there are some rules and requirements that must be followed for it to be issued successfully:

  • The IP address for which you want to issue an SSL certificate should exclusively belong to you and not the web hosting company.
  • A certificate authority must be able to verify your ownership for that IP address under IP WHOIS lookup.
  • The name, residential address, mobile number, and email ID must be shown in the IP WHOIS lookup.
  • Documents such as Organization Authentication, Locality Presence, Telephone Verification, Domain Authentication, and Final Verification Call are essential.
  • You must buy an Organization Validated (OV) SSL certificate to secure an IP address.
  • OV Single Domain and OV multi-domain, both can be used for an IP address.
  • You can write an IP address in the Common Name (CN) or in the Subject Alternative Name (SAN) field.
  • If you specify the IP address as the Common Name (CN), then all the versions of Windows will support the SSL.
  • An SSL certificate cannot be issued for a reserved IP address (RFC 1918 and RFC 4193 ranges), private IPv4 or IPv6 addresses, an intranet Internal Server Name, or a Local Server Name with a non-public domain service.
  • Domain Validated (DV) and Extended Validated (EV) SSL certificates cannot be issued for an IP address.

Can SSL certificate be used on multiple domains?

A solid yes: an SSL certificate can be used on multiple domains or multiple sub-domains.

Additionally, we can either use a multi-domain/UCC/SAN certificate or a multi-domain wildcard SSL certificate for securing multiple domains on a single SSL certificate.

Can SSL certificate be used for code signing?

No, you cannot use an SSL certificate for code signing because they have very different uses in terms of encryption. SSL is a protocol used to secure communication in real-time, whereas Code Signing is a time-stamped signature that can be used to verify the publisher’s identity and software integrity. There is no other common factor, except both make use of public encryption keys.

Can an SSL certificate be moved to another server?

Yes, why not! You can move your current SSL certificate to another server as follows:

  • Export the SSL certificate from the current server along with any private key and any intermediate certificates.
  • After that, convert the certificate to a different format according to the server type.
  • Finally, import the SSL certificates and private key on the new SSL server and configure your site to use them.

Note: Some certificate authorities require that you purchase a “server license” for each server on which you install an SSL certificate, even if it is using the same private key.
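
The Import/Export procedure and the export, convert, import steps above, as an added example (not code from the original article): it packs a key and certificate into a password-protected PFX, unpacks them into the separate PEM files that Apache and NGINX use, and confirms the imported key still matches the certificate. The certificate is a constructed self-signed one for www.example.test, and the function names and file paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example: move one certificate + private key between servers via PFX.
# Function names, file names and the host name are illustrative assumptions.
set -eu

# Source server: bundle key and certificate into a password-protected PFX.
export_pfx() {   # args: key cert pfx passfile
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "file:$4"
}

# Destination server: unpack the PFX into separate PEM key and certificate.
import_pfx() {   # args: pfx passfile outkey outcert
  ( umask 077   # the unpacked key is unencrypted: owner-only permissions
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes -out "$3" )
  openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys -out "$4"
}

# Succeeds only if the private key's public half equals the certificate's.
key_matches_cert() {   # args: key cert
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
  local d r1 r2
  d=$(mktemp -d)
  # Constructed self-signed certificate standing in for the CA-issued one.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.test" \
    -keyout "$d/src.key" -out "$d/src.crt" 2>/dev/null
  # Random PFX password, kept in a file so it never appears in argv.
  ( umask 077; openssl rand -base64 32 > "$d/pfx.pass" )
  export_pfx "$d/src.key" "$d/src.crt" "$d/site.pfx" "$d/pfx.pass"
  import_pfx "$d/site.pfx" "$d/pfx.pass" "$d/dst.key" "$d/dst.crt"
  # An unrelated key must be rejected by the same check.
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
  if key_matches_cert "$d/dst.key" "$d/dst.crt"; then r1=match; else r1=mismatch; fi
  if key_matches_cert "$d/other.key" "$d/dst.crt"; then r2=match; else r2=mismatch; fi
  rm -rf "$d"
  echo "imported_pair=$r1 unrelated_key=$r2"
}

demo
```

On a real transfer, send the PFX and its password over separate channels and delete the PFX from both servers once the import has been verified.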

Final Remarks

An SSL certificate is something that protects/secures the communication line between a website and a user. Therefore, if you are a website owner, you should always try to get an SSL certificate for your site, as it increases the trust of the visitors to your website. 

If you are running multiple websites, you will surely need an SSL certificate for each one of them, but you don’t need to sanction a new one every time, as you can use your first and original SSL certificate for multiple servers.