JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


How many additional machine licenses do I need to buy?

Important: Mainly and unless otherwise indicated, a certificate is sold with a right to be installed on one -physical or virtual- machine. Understand an electrically connected machine for a physical machine and a machine in process for a virtual one.

Some products can be installed on additional machines. They can be copied which prevents you from buying one SSL certificate per machine. You can then save money (a license is less expensive than a main certificate) and ease your certificates management. However, it remains possible to get several certificates for the same domain if needed.

An additional machine license gives you the right to duplicate your certificate in order to install it on an other machine. You'll then need to buy as many additional licenses as your certificate number of copies.

Let's see common cases:

Active/Active

On an active/active configuration, several machines simultaneously process requests. It is the case for load balancing servers.

Here, assuming that you have N machines:
  • Product with additional machine option: 1 main certificate and N-1 additional machine licenses
  • Product without additional machine option: N main certificates

Active/Passive

On an active/passive configuration, one machine processes the requests and an other one (identical) is ready to take over should the first fail. Mostly it is a firewall, a SSL accelerator, a reverse proxy, etc.

Here, assuming that you have N machines:
  • Product with additional machine option: 1 main certificate and N-1 additional machine licenses
  • Product without additional machine option: N main certificates

Backup site

A backup site configuration duplicates a main website. If that site is 'live', meaning that it is electrically connected, N is therefore the sum total of the main site machines and the backup site machine:
  • Product with additional machine option: 1 main certificate and N-1 additional machine licenses
  • Product without additional machine option: N main certificates
If, on the contrary, the backup website is not electrically connected, there is no extra cost for the equipment of this site. It is the same for any backup equipment stored on shelves.

Virtual machines

When several virtual machines are running on the same physical machine, licenses matters are not patent.

Considered as virtual machines (= picture / ghost). Examples:
  • 1 virtual machine running on 3 physical machines counts as 1.
  • 2 virtual machines running on 1 physical machine count as 2.
  • 3 virtual machines running on 2 physical machines count as 3.
It can also be applied to Amazon EC2.

Main case

Let a configuration be made up of N machines:
  • Product with additional machine option: 1 main certificate and N-1 additional machine licenses
  • Product without additional machine option: N main certificates
Example for 3 machines:
  • Product with additional machine option: 1 main certificate and 2 additional machine licenses
  • Product without additional machine option: 3 main certificates

In which cases not to use additional machines licenses?

There are at least 2 situations when the use of additional machines license is not advised:
  • If all the machines of your configuration are not running under the same software. Considering that only one certificate is issued, you won't always be able to duplicate and install the private key on an other software. In that case you may have to create subgroups and to use additional machines licenses within a group including machines running on an identical software.
  • When the higher security standard is requiered. It is safer to have one private key per machine. Should the private key be compromised, it is your entire trafic that would be endangered if the certificate has been duplicated on the architecture. With one private key per machine a local danger won't affect the entire architecture.