SSL for custom domain WPMU subsite?

I see a number of threads but not clear which one would have the latest and most relevant information or a solution.

I have multiple subsites assigned to customers, each at their own custom domain name (using domain mapping plugin.) I am also using the Pro Sites plugin.

One customer wants SSL. Can it be done? Is it just a matter of getting a wildcard SSL or is there more to it? Please identify specific steps required...

Thanks!

  • Vinod Dalvi
    • WP Unicorn

    Hi @Strategerizer,

    I hope you are well today and thank you for your question.

    Personally I haven't implemented this kind of setup, but could you please check whether the solutions posted in the following replies help you to achieve it.

    https://premium.wpmudev.org/forums/topic/domain-mapping-with-ssl#post-207038
    https://premium.wpmudev.org/forums/topic/best-practice-new-set-up-for-domain-mapping-and-ssl#post-505847

    I have also notified the Domain Mapping plugin developer @Sam to get his invaluable reply here.

    Kind Regards,
    Vinod Dalvi

  • Sam
    • The Incredible Code Injector

    Hi @Strategerizer

    We have two approaches based on your need:

    1) If the customer needs to have just some of their pages (i.e. checkout, etc.) under SSL, you can have an SSL cert for the original domain, and all the links to those pages should start with https and use the original domain; since these pages are SSL, the DM plugin won't force the mapped domain for them.

    2) If the customer wants all of his website under SSL, then they can order an SSL cert for their domain. With the coming release of Domain Mapping you have the ability to force the mapped domain to use either http or https (this feature is already implemented and, along with some other features, will be released soon; a rough ETA is early next week).

    • wp.network
      • The Bug Hunter

      Hey @Sam

      Thrilled to see this; I was just doing a sweep for new threads for another 'wrap up' on @Gabe's domain mapping bug thread... :slight_smile:

      Wanted to check about

      since these pages are ssl DM plugin won't force mapped domain for them

      I'm really concerned about url canonicalization and have been struggling with htaccess lately.

      If I have my subdomain.network set to use original addresses for admin over HTTPS but run the frontends over HTTP will DM redirect HTTPS requests to HTTP?

      If I then also want to pass certain addresses through from a mapped domain to its original address for HTTPS checkouts/etc. will all other (non-excepted) requests for URIs via HTTPS be redirected to HTTP by DM?

      Thanks so much for your work! You are awesome :wink:

      Cheers,
      Max

    • wp.network
      • The Bug Hunter

      from #1)

      links to those pages should start with https and use the original domain and since these pages are ssl DM plugin won't force mapped domain for them

      Does this mean that the DM will force HTTP for any HTTPS request made for the mapped domain while it will also force HTTPS for any HTTP request for the 'original' address?

      eg. when siteexample.com is mapped to siteexample.wpmsexample.com (or wpmsexample.com/siteexample)

      https://siteexample.com redirects to http://siteexample.com
      while also
      http://siteexample.wpmsexample.com/store/checkout/ redirects to https://siteexample.wpmsexample.com/store/checkout/

      Regards, Max

  • Strategerizer
    • Site Builder, Child of Zeus

    @Sam, thanks for your reply. My needs fit #2 above - whole subsite needs SSL. There is no e-commerce on the site. Customer is in the healthcare field and wants to show as secure to patients visiting the site. Additionally, I understand Google is starting to bump up SEO scores for sites that have SSL!

    I currently use the "Domain Mapping" plugin from https://wordpress.org/plugins/wordpress-mu-domain-mapping/. Is there a different domain mapping plugin from WPMUDEV that I should switch to in order for this to work? And the SSL I get, does it have to be a wild card SSL?

    Will "StartSSL Identity Verified" for $59 from https://www.startssl.com/?app=40 be sufficient for this? Or do I need something like a "Multi-Domain SSL" for $89 from https://www.namecheap.com/security/ssl-certificates/multi-domain.aspx?

    Thanks!

  • Jack Kitterhing
    • Code Norris

    Hi there @Strategerizer,

    Hope you're well today and thanks for your question! :slight_smile:

    For the solution to work with #2, you'd need to use our domain mapping plugin, which you can download here https://premium.wpmudev.org/project/domain-mapping/ (there'll be an update shortly, which would add the options Sam mentioned and will suit your use case).

    You'll need a multi-domain SSL for this: https://www.globalsign.co.uk/ssl/multi-domain-ssl/

    Not a wildcard SSL; a wildcard SSL only supports the domain itself and anything that is *.domain.com, but you're looking to protect a domain that isn't the main domain, and possibly have other members also use an SSL, in which case you want the multi-domain certificate.

    Thanks!

    Kind Regards
    Jack.

  • wp.network
    • The Bug Hunter

    @Strategerizer thought I'd mention that there are several recent threads on the forums about SNI for apache which can support many single SSL certs on one server/IP.

    This approach seems well fit for a 'closed network' use case like the one you describe above, especially as an alternative to the Multi-Domain SSL Certs. I'm no expert on this though. I do know of three reputable hosts that can do SNI (EuroVPS.com | MediaTemple.com | WPEngine.com).

    Another very practical solution is to use CloudFlare Pro. I have not tested this myself, but have been following other threads/articles about this, and it makes sense to me. See: https://premium.wpmudev.org/forums/topic/domain-mapping-forced-ssl-login-with-wildcard-htaccess

    Cheers,
    Max
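
Added example (not part of any post in this thread, and not the Domain Mapping plugin's code): a Python sketch of the hostname matching behind the wildcard, multi-domain and per-site SNI options discussed above. `www.siteexample.com` and all certificate name lists are constructed, and matching assumes the common rule that `*` stands for exactly one left-most label.

```python
# Constructed example: which hostnames does each certificate layout cover?

def name_matches(pattern, host):
    """True if a certificate name (exact or '*.example.com') matches host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # '*' never spans more or fewer than one label
    if p[0] == "*":
        # Require at least two fixed labels, so '*.com' matches nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered(san_list, hosts):
    """Hosts that none of the certificate's names match."""
    return [h for h in hosts
            if not any(name_matches(s, h) for s in san_list)]

def sni_mismatches(vhost_certs):
    """With SNI each hostname is served its own certificate; return the
    hostnames whose certificate does not actually list that name."""
    return sorted(h for h, sans in vhost_certs.items() if uncovered(sans, [h]))

# Hostnames: network address plus mapped domain (www variant is constructed).
ALL_HOSTS = ["wpmsexample.com", "siteexample.wpmsexample.com",
             "siteexample.com", "www.siteexample.com"]

# Constructed certificate name lists.
WILDCARD_CERT = ["wpmsexample.com", "*.wpmsexample.com"]
MULTI_DOMAIN_CERT = WILDCARD_CERT + ["siteexample.com", "www.siteexample.com"]

# Constructed SNI layout: hostname -> names on the certificate served for it.
SNI_CERTS = {
    "siteexample.wpmsexample.com": WILDCARD_CERT,
    "siteexample.com": ["siteexample.com", "www.siteexample.com"],
    "www.siteexample.com": ["siteexample.com"],   # mistake: www not on cert
}

if __name__ == "__main__":
    print("wildcard misses:    ", uncovered(WILDCARD_CERT, ALL_HOSTS))
    print("multi-domain misses:", uncovered(MULTI_DOMAIN_CERT, ALL_HOSTS))
    print("SNI mismatches:     ", sni_mismatches(SNI_CERTS))
```
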

  • Badly Drawn Ben
    • New Recruit

    Hi,

    I'm jumping in here because I've got the same SiteGround GoGeek hosting package as Max and he's the one-eyed king in my land of the blind!

    I have a WP multisite setup that I use to build sites for small charities. I use the Domain Mapping plugin so they can use their own custom domains.

    I would like to be able to offer them the chance to buy their own SSL certificate so they can serve their donation pages (with Stripe for example) by https - rather than just offer an off-site solution like Paypal.

    Am I right in saying that this isn't practically possible at the moment? I'm more of a front-end guy so SSL, SNI and .htaccess things are a bit of a mystery to me.

    Thanks,
    Ben

  • Jack Kitterhing
    • Code Norris

    Hi there Ben,

    Hope you're well today and thanks for your question! :slight_smile:

    This should technically be possible, though you'd need to make sure you have a multi-domain SSL and then each domain would need its own SSL. From what I've read this would work with Siteground, though you'd want to ask them if they support SNI first before proceeding with that.

    Thank you!

    Kind Regards
    Jack.

  • wp.network
    • The Bug Hunter

    Hey @Badly Drawn Ben and @Jack Kitterhing

    I can add a few things here :slight_smile:

    Basically, you have several options.

    For a secure backend, you can get a single SSL and secure your login/admin areas - if you use a subdirectory network.

    For a subdomain network, you will need a Wildcard SSL for securing the backend.

    However, these will NOT work with mapped domains; you can look at passing visitors to the HTTPS 'original' address for certain pages like checkouts/donations.

    If you want to offer your clients HTTPS mapped domains through a multisite then you basically have two options:

    1) a 'Multi-Domain' or 'UCC' SSL cert - these can be really spendy (though you can find deals) and are only able to support 100 domains.

    2) using 'SNI' to manage using many single SSL certs on one IP address

    In my opinion, the SNI option makes more sense and seems more fun :wink:
    (You should read about it though, it has some caveats)

    At this time SiteGround does not support SNI :slight_frown:
    They are looking at it though :slight_smile:

    from SG:
    "We have been looking into implementing SNI, however I cannot tell with certainty whether or when this might be set in motion. We use our own custom software on most of our hosting solutions, and have applied a variety of server-side tweaks with our hosting servers, due to which the implementation of a new feature such as this would have to be made compatible with all our own custom changes, and would also require extensive testing that would in turn require quite a bit of time."

    If you are looking for a provider, I have two leads for you:
    1) I believe that MediaTemple offers SNI on their DV platform
    2) I know that EuroVPS has SNI experience and offers fully managed services

    Personally, I'd go with EuroVPS as I have had great success with them in the past (and ongoing) & they are great with Varnish Cache (which is one of the cool things about SG too). https://eurovps.com

    I also noticed the other day that MaxCDN is offering SNI support :slight_smile:

    Also, how freakin' awesome is Domain Mapping 4.2 ?!

    Kind Regards,
    Max
