On a single machine, re-use SSL certificate between services, or generate multiple certificates?

wzzrd asked:

Assume a machine has multiple management UIs, for example Cockpit and Monit. Both can do SSL.

Do best practices dictate using distinct certificates for each service? Or is it OK to reuse a single certificate, since both are maintained by the same team and run on the same machine?

I assume two SSL enabled services maintained by two different teams would not reuse the SSL certificate?

My answer:

You could go either way, depending on your specific needs. It’s even fairly common to see different certs used for the same service on the same port.

The user agent doesn’t care about whether the certificate is the same, only whether it is valid and correctly signed by a trusted CA.

It usually greatly simplifies administration for all services that share a DNS hostname to use the same certificate. But if you have a specific need to do so (which you didn’t mention) then using different certs is perfectly fine.

View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.