SSL question

I have a website hosted on a regular hosting with my own IP and I purchased COMODO SSL for a year via my hosting provider. I have a primary domain and couple of add-on domains. Add-on domains are completely different domains residing in separate folders of my primary domain (kinda like sub-directories).

I don't really need SSL all that bad. I would probably use PayPal which has its own secured interface for credit card online transactions. BUT...what I do need is to be able to login securely into my Joomla backends where I enter my admin credentials. Obviously, SSL that I have is connected to my primary domain (hoster doesn't provide SSL for add-ons anyway). The good news is that I'm somehow being able to
use SSL on my add-ons' backends. I force SSL in Joomla configuration for a backend of Joomla and it seems to be working fine. The only thing is...browsers show me a warning messages that I simply ignore since I know what it's about. The warning is because the certificate was issued for a different domain (ie. my primary one only).

The question is...anyone can explain it and do you think SSL would work fine for ALL of the domains (one primary and 2 add-ons)?

 

No, let whatever you do, SSL will work without warning only on the domain the SSL is issued for. If it is used for a different URL, it will give user a warning message.

The other option is to make the Joomla backend work on a sub-domain instead of on an add-on domain and install a wildcard SSL on the main domain so the SSL will work for all sub-domains too.

 

Thanks for your reply!
No, wildcard SSL is expensive. As a matter of fact, just for a login I'm considering a FREE option of private self-signed cert.
Would save me 50$ a year...

 

Even the self-signed certificate will prompt a warning message.

 

A warning message doesn't scare me when I know the reason behind it.

 

If you are the only one that is going to access that area, then that's fine but if your clients too are going to access it then it will definitely scare them

 

I would suggest inputting your domain on SSL Hopper's SSL Checker (would post the link but I can't yet) and seeing what it comes up with.

If all is clear; then I would suggest using Chrome's Inspect Element and going to the Console which will display what needs to be changed for SSL not to display warnings.

 

- Agree...

Yes, if your clients are going to access log-in area and provide their personal information on your website; than you should secure your website with SSL issued by trusted CAs. Because clients usually don't know about the security warning but warning window while accessing your website can make them little-bit unsure to provide such info.