At our organisation we have one main domain plus a few other secondary domains, which are not subdomains of the former. Something like this:
- Main domain: mycorp.org
- Secondary domain: another.org
- Secondary domain: yetanother.org

We are hosting various web sites on these domains on our own server, using Windows Server and IIS.

We would like to deploy TLS certificates for all domains. From my preliminary research, I gather that most certificate vendors offer company-wide certificates that cover any subdomain from a given one, such as *.mycorp.org, but this wouldn't work for us as we work with totally different domains. In principle I would think that we need multiple single-domain certificates, but as I don't have much experience with certificates, I would like some expert advice:
- Do we really need to get separate single-domain certificates?
- Can we deploy multiple certificates (one per domain) onto the same IIS server, which is hosting all the web sites?
- Is there any additional best practice or recommendation I should be aware of in this setting?