security certificate and two websites

[rombout]

Hello there
we have a production website and a test website on the same webserver. On the production website we have a global server certificate. On the test website we don't have a certificate. Should the test website also have a global certificate to maintain security of the production website.
What I meen wil the production website stil be protected from hackers if there's NO certificate on the test website. So can de production website be hacked via the test website.
Actualy we don’t want to buy another certificate for the test website.

Greating Rombout

 

[Sheco]

Does your test website need to be public to the world? Why not keep it off the Internet? If you also need this test site to play double duty as a "demo" for clients, perhaps you could change the security settings on it to deny the ip addresses of except for those belonging to your company and its clients.

 

[nicklieb]

if you want https on the test site you will need another certificate.

Secure certificates are only valid for a domain. Subdomains require another certificate.

eg.

covered by global

http://www.yoursite.com

http://www.yoursite.com/test

test.yoursite.com = separate certicate

We had this exact question, and our suppliers told us we needed separate certificates, which you add into IIS settings