About this blog

'Going Spatial' is my personal blog; the views on this site are entirely my own and should in no way be attributed to anyone else or as the opinion of any organisation.


Tuesday, 21 September 2010

Wildcard SSL certificates and EC2

I needed to secure our site with an SSL certificate and went shopping. Verisign was the first choice but the price was too high - so I was informed that GoDaddy would be a good choice. Indeed they were, with certificates in the dozens of pounds sterling rather than hundreds.

I also saw their 'wildcard' SSL certificates where one can secure a domain rather than a FQDN. Example: I may have several sites that need HTTPS for credit card transactions but they are all off the same domain (*.mytestsite.com) - so a single wildcard certificate is sufficient to cover all sites running under the mytestsite.com domain!

Brilliant and for a competitive sum too!
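How far a `*.mytestsite.com` name actually reaches, as an added example (not code from the original post): a strict wildcard matcher of the kind TLS clients apply, where the `*` stands for exactly one leftmost label. The hostnames below are constructed for illustration, and whether a given certificate also lists the bare domain depends on the names it was issued with.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name (exact or '*.' wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans dots, so the label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as "*.com" and any '*' that is
        # not the whole leftmost label.
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards like "f*.example.com" not accepted
    return p == h


def coverage(cert_names, hostnames):
    """Map each hostname to whether any name on the certificate covers it."""
    return {
        host: any(wildcard_matches(name, host) for name in cert_names)
        for host in hostnames
    }


if __name__ == "__main__":
    # Constructed sample data: one wildcard name, several candidate sites.
    cert_names = ["*.mytestsite.com"]
    sites = [
        "shop.mytestsite.com",      # covered: one label under the domain
        "pay.mytestsite.com",       # covered
        "mytestsite.com",           # not covered: the bare domain has no label for '*'
        "a.shop.mytestsite.com",    # not covered: two labels deep
        "shop.mytestsite.com.evil.example",  # not covered: different domain
    ]
    for host, ok in coverage(cert_names, sites).items():
        print(f"{host:40} {'covered' if ok else 'NOT covered'}")
```
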

The certificate arrived and the transaction went smoothly. We then imported the certificate to the server certificate store and bound the wildcard SSL to our website. All this was done in the IIS Management tool. Then we ensured that HTTPS was enabled on the Amazon firewall (or security group) and voila, it worked, HTTPS worked!

However, there's a catch. When the AMI is stopped or rebooted, it never comes back online. Somehow the wildcard SSL, once bound to the default website in IIS, prevents the AMI from ever coming back after a reboot or stop / start. I have some theories as to why this is, but it is a bit of a disappointment for sure.

I am confident that an SSL certificate for the specific FQDN will work, but this means purchasing a separate certificate per website. Tedious but doable.