Must one have SSL certificates for each domain, to use HTTPS?

All we need is an easy explanation of the problem, so here it is.

I read the following passage in this DigitalOcean article, concerning HTTP/2:

Even though HTTP/2 does not require encryption, developers of the two most
popular browsers, Google Chrome and Mozilla Firefox, stated that for
security reasons they will support HTTP/2 only for HTTPS
connections. Hence, if you decide to set up servers with HTTP/2
support, you must also secure them with HTTPS.

Okay, let’s say I install OpenSSL on port 443 and use TLS to wrap each packet with an encryption wrapper.

Will I still have HTTPS if I didn’t set up an SSL certificate for each domain and associate it with OpenSSL? And if so, will this be valid in Chrome/Firefox?

How to solve:


Method 1

I feel like a primer on how TLS works might answer some of your questions. We have a canonical question here for that:

How does SSL/TLS work?

The part that’s relevant for your question is that in order to do TLS, the server must have an encryption private key.

This key is private, meaning that no copies of the key should exist anywhere else, so we can use it (and the corresponding public key) to uniquely identify the server.

Consider a browser visiting your site for the first time – how does it know that it’s talking to the real yourdomain.com and not an attacker trying to spoof your site?

That’s where certificates come in: a Certificate Authority issues a certificate to say “we have verified that this public key does in fact belong to the legitimate owners of mydomain.com.” Browsers take this as proof that they are talking to the authentic server for that URL / domain.

Browsers require every server to present a valid certificate matching the domain requested for each TLS connection, and (in theory at least) each server should be using a unique keypair and certificate.

TLS is a bit tricky to wrap your head around, and getting a cert from a CA and installing it properly can be a bit fiddly, but if you follow your guide you should have it up and running in a day or two.
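The “certificate matching the domain requested” check that the answer describes is what a TLS client does with the names listed in the certificate. The following is an added example, not code from the question or the answer: it implements that hostname check over a hand-constructed certificate record (in the shape Python’s ssl.SSLSocket.getpeercert() returns) and shows how a client context is configured to enforce it. It goes slightly beyond the answer in that the sample certificate lists several domains in its Subject Alternative Name, the way one certificate covers multiple names in practice.

```python
import ssl

# Constructed sample, not a real certificate: one cert whose Subject
# Alternative Name (SAN) lists several DNS names, including a wildcard.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "*.api.example.com"),
    ),
}


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN DNS entry against a requested hostname.

    Browser rules: comparison is case-insensitive; a wildcard is honoured
    only as the entire leftmost label, covers exactly one label, and never
    matches the bare parent domain or a top-level pattern such as *.com.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for `hostname`.

    Only SAN DNS entries count; a certificate with no SAN is rejected.
    (Chrome, for example, ignores the subject commonName entirely.)
    """
    san = cert.get("subjectAltName", ())
    dns_ids = [value for kind, value in san if kind == "DNS"]
    return any(_dns_id_matches(p, hostname) for p in dns_ids)


def browser_like_context() -> ssl.SSLContext:
    """Client context enforcing what browsers enforce: a chain to a trusted
    CA (the system bundle) plus a SAN entry matching the requested name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True            # the default; made explicit here
    ctx.verify_mode = ssl.CERT_REQUIRED  # a server with no cert is refused
    return ctx
```

With the context above, `ctx.wrap_socket(sock, server_hostname="example.com")` fails the handshake for a self-signed or mismatched certificate, which is exactly what Chrome and Firefox would do for the server described in the question.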

