Can I use a trusted CA certificate on multiple sites?

You can have a certificate on multiple machines. But unless the "site name" for all the machines is the same (e.g. a cluster of web servers all serving one website), your users will get a mismatch error, as the certificate won't match the server name they requested.

You can have a certificate on a single machine with multiple sites (e.g. virtual hosting), but you will have the same problem as above.

If you are serving multiple "sites" from a single server and want users' web browsers and the like to be happy, you will need multiple certificates and multiple IP addresses assigned to the host. This is because it is the connection that is certified and encrypted, and this happens before the client tells you what site it is interested in. This is the limitation of the current SSL protocol. This limitation is addressed in the latest protocol, but not everything supports that yet.

Update Feb 2017:

Technology has moved on a fair bit since this question was asked, and I answered it. The SSL protocol has been improved with the addition of SNI, allowing the browser to connect and request the domain before the certificate exchange. So you can now have more than one website served with SSL from a single server with a single IP address. SNI is almost universally supported by all browsers, so you can be fairly confident that your sites will be accessible to users. You can also combine multiple site names into a single cert, either with wildcards, e.g. "*.stackexchange.com", or using "Certificate Subject Alt Names", which is what Stack Exchange is doing if you check out the SSL cert on this site.

Stack Exchange Certificate Details

The even better news is that now we have Let's Encrypt, we all get to have our certs for free if you just want encryption support and don't need the extended validation. And Let's Encrypt does support the alt names.
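The mismatch error and the wildcard / alt-name coverage described in the answer above, seen from the client's side. This is an added example, not part of the original answer: a simplified version of the hostname check a TLS client performs against a certificate's DNS alt names. The function names and the SAN list are constructed for illustration.

```python
# Simplified client-side hostname check against a certificate's DNS
# Subject Alt Names. A wildcard is honoured only as the entire left-most
# label and covers exactly one label, as browsers treat it.

def san_matches(san: str, hostname: str) -> bool:
    """Return True if one DNS SAN entry covers the requested hostname."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if san_labels[0] != "*":
        # No wildcard: the names must be identical.
        return san_labels == host_labels
    # Reject over-broad or malformed wildcards such as "*.com" or "*.*.org".
    if len(san_labels) < 3 or "*" in "".join(san_labels[1:]):
        return False
    # "*" stands for exactly one non-empty label; the rest must be equal.
    return (
        len(host_labels) == len(san_labels)
        and host_labels[0] != ""
        and host_labels[1:] == san_labels[1:]
    )


def cert_covers(sans, hostname: str) -> bool:
    """A certificate is valid for a hostname if any SAN entry matches it."""
    return any(san_matches(s, hostname) for s in sans)


def check_hosts(sans, hostnames):
    """Map each requested hostname to 'ok' or 'mismatch'."""
    return {h: "ok" if cert_covers(sans, h) else "mismatch" for h in hostnames}


# Constructed SAN list modelled on the wildcard-plus-alt-names approach;
# it is not copied from any real certificate.
SAMPLE_SANS = ["*.stackexchange.com", "stackexchange.com", "example.org"]

if __name__ == "__main__":
    requested = [
        "security.stackexchange.com",       # covered by the wildcard
        "stackexchange.com",                # needs its own SAN entry
        "meta.security.stackexchange.com",  # two labels deep: not covered
        "www.example.org",                  # only the bare name is listed
    ]
    for host, verdict in check_hosts(SAMPLE_SANS, requested).items():
        print(f"{host:35} {verdict}")
```

The wildcard alone does not cover the bare domain or names two labels deep, which is why a certificate serving several sites lists additional alt names alongside it.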
