{"id":3622,"date":"2025-12-28T22:42:35","date_gmt":"2025-12-28T19:42:35","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/wildcard-ssl-mi-san-multi-domain-sertifika-mi-e-ticaret-ve-cok-alan-adli-yapilar-icin-rehber\/"},"modified":"2025-12-28T22:42:35","modified_gmt":"2025-12-28T19:42:35","slug":"wildcard-ssl-mi-san-multi-domain-sertifika-mi-e-ticaret-ve-cok-alan-adli-yapilar-icin-rehber","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/wildcard-ssl-mi-san-multi-domain-sertifika-mi-e-ticaret-ve-cok-alan-adli-yapilar-icin-rehber\/","title":{"rendered":"Wildcard SSL mi SAN (Multi\u2011Domain) Sertifika m\u0131? E\u2011Ticaret ve \u00c7ok Alan Adl\u0131 Yap\u0131lar \u0130\u00e7in Rehber"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>E\u2011ticaret ya da \u00e7ok alan adl\u0131 (multi\u2011domain) bir mimari kurarken ka\u00e7 \u00e7ekirdek, ne kadar RAM sorular\u0131n\u0131 \u00e7\u00f6zmek genelde daha kolayd\u0131r. As\u0131l kafa kar\u0131\u015ft\u0131ran noktalar \u00e7o\u011fu zaman DNS ve SSL taraf\u0131nda ortaya \u00e7\u0131kar. Ayn\u0131 markan\u0131n birden fazla alt alan\u0131, farkl\u0131 \u00fclke siteleri, \u00f6deme sayfalar\u0131, API u\u00e7lar\u0131, hatta ayr\u0131 markalar devreye girdik\u00e7e \u015fu soru tekrar tekrar masaya gelir: <strong>Wildcard SSL mi yoksa SAN (Multi\u2011Domain) sertifika m\u0131 kullanmal\u0131y\u0131z?<\/strong><\/p>\n<p>DCHost ekibi olarak g\u00f6rd\u00fc\u011f\u00fcm\u00fcz tablo net: Yanl\u0131\u015f se\u00e7ilen sertifika tipi k\u0131sa vadede pratik g\u00f6r\u00fcnse de uzun vadede yenileme krizleri, karma\u015f\u0131k DNS ayarlar\u0131, beklenmedik taray\u0131c\u0131 uyar\u0131lar\u0131 ve hatta sat\u0131\u015f kayb\u0131na kadar giden sonu\u00e7lar do\u011furabiliyor. Bu yaz\u0131da, tamamen pratik senaryolardan yola \u00e7\u0131karak <strong>Wildcard ve SAN SSL sertifikalar\u0131n\u0131 teknik, operasyonel ve g\u00fcvenlik boyutlar\u0131yla<\/strong> ele alaca\u011f\u0131z. E\u2011ticaret siteleri, ajanslar, SaaS ve \u00e7ok markal\u0131 yap\u0131larda hangi durumda hangisini tercih etmeniz gerekti\u011fini somut kriterlerle netle\u015ftirece\u011fiz.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#SSL_Sertifika_Turlerini_Dogru_Konumlandirmak\"><span class=\"toc_number toc_depth_1\">1<\/span> SSL Sertifika T\u00fcrlerini Do\u011fru Konumland\u0131rmak<\/a><\/li><li><a href=\"#Wildcard_SSL_Nedir_Neleri_Kapsar_Neleri_Kapsamaz\"><span class=\"toc_number toc_depth_1\">2<\/span> Wildcard SSL Nedir, Neleri Kapsar, Neleri Kapsamaz?<\/a><ul><li><a href=\"#Wildcard_SSLin_Avantajlari\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Wildcard SSL\u2019in Avantajlar\u0131<\/a><\/li><li><a href=\"#Wildcard_SSLin_Dezavantajlari_ve_Riskleri\"><span class=\"toc_number toc_depth_2\">2.2<\/span> Wildcard SSL\u2019in Dezavantajlar\u0131 ve Riskleri<\/a><\/li><\/ul><\/li><li><a href=\"#SAN_MultiDomain_SSL_Nedir_Nasil_Calisir\"><span class=\"toc_number toc_depth_1\">3<\/span> SAN (Multi\u2011Domain) SSL Nedir, Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/a><ul><li><a href=\"#SAN_SSLin_Avantajlari\"><span class=\"toc_number toc_depth_2\">3.1<\/span> SAN SSL\u2019in Avantajlar\u0131<\/a><\/li><li><a href=\"#SAN_SSLin_Dezavantajlari\"><span class=\"toc_number toc_depth_2\">3.2<\/span> SAN SSL\u2019in Dezavantajlar\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#ETicaret_Senaryolarinda_Wildcard_vs_SAN_Karsilastirmasi\"><span class=\"toc_number toc_depth_1\">4<\/span> E\u2011Ticaret Senaryolar\u0131nda Wildcard vs SAN Kar\u015f\u0131la\u015ft\u0131rmas\u0131<\/a><ul><li><a href=\"#Senaryo_1_Tek_Marka_Cok_Alt_Alan_Klasik_ETicaret\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Senaryo 1: Tek Marka, \u00c7ok Alt Alan (Klasik E\u2011Ticaret)<\/a><\/li><li><a href=\"#Senaryo_2_Cok_Ulke_Cok_TLD_Global_Magaza\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Senaryo 2: \u00c7ok \u00dclke, \u00c7ok TLD (Global Ma\u011faza)<\/a><\/li><li><a href=\"#Senaryo_3_Ajans_veya_SaaS_Cok_Musteri_Cok_Domain\"><span class=\"toc_number toc_depth_2\">4.3<\/span> Senaryo 3: Ajans veya SaaS, \u00c7ok M\u00fc\u015fteri, \u00c7ok Domain<\/a><\/li><\/ul><\/li><li><a href=\"#Teknik_Kriterler_Hangi_Mimaride_Hangisi_Daha_Uygun\"><span class=\"toc_number toc_depth_1\">5<\/span> Teknik Kriterler: Hangi Mimaride Hangisi Daha Uygun?<\/a><ul><li><a href=\"#1_Alt_Alan_Adi_Hiyerarsisi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Alt Alan Ad\u0131 Hiyerar\u015fisi<\/a><\/li><li><a href=\"#2_Otomasyon_ve_ACME_Destegi\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2. Otomasyon ve ACME Deste\u011fi<\/a><\/li><li><a href=\"#3_IP_ve_SNI_Kullanimi\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3. IP ve SNI Kullan\u0131m\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#Guvenlik_Perspektifi_Tek_Sertifika_mi_Bolunmus_Sertifikalar_mi\"><span class=\"toc_number toc_depth_1\">6<\/span> G\u00fcvenlik Perspektifi: Tek Sertifika m\u0131, B\u00f6l\u00fcnm\u00fc\u015f Sertifikalar m\u0131?<\/a><ul><li><a href=\"#Wildcard_Guvenlik_Risklerini_Azaltma_Onerileri\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Wildcard G\u00fcvenlik Risklerini Azaltma \u00d6nerileri<\/a><\/li><li><a href=\"#SAN_Sertifikalarda_Izolasyon_Stratejisi\"><span class=\"toc_number toc_depth_2\">6.2<\/span> SAN Sertifikalarda \u0130zolasyon Stratejisi<\/a><\/li><\/ul><\/li><li><a href=\"#HTTPden_HTTPSe_Geciste_Wildcard_ve_SAN_Kararinin_Etkisi\"><span class=\"toc_number toc_depth_1\">7<\/span> HTTP\u2019den HTTPS\u2019e Ge\u00e7i\u015fte Wildcard ve SAN Karar\u0131n\u0131n Etkisi<\/a><\/li><li><a href=\"#Pratik_Karar_Tablosu_Wildcard_mi_SAN_mi\"><span class=\"toc_number toc_depth_1\">8<\/span> Pratik Karar Tablosu: Wildcard m\u0131, SAN m\u0131?<\/a><\/li><li><a href=\"#DCHost_Tarafinda_Nasil_Yardimci_Oluyoruz\"><span class=\"toc_number toc_depth_1\">9<\/span> DCHost Taraf\u0131nda Nas\u0131l Yard\u0131mc\u0131 Oluyoruz?<\/a><\/li><li><a href=\"#Sonuc_Tek_Dogru_Yok_Ama_Yanlis_Kombinasyonlar_Cok\"><span class=\"toc_number toc_depth_1\">10<\/span> Sonu\u00e7: Tek Do\u011fru Yok, Ama Yanl\u0131\u015f Kombinasyonlar \u00c7ok<\/a><\/li><\/ul><\/div>\n<h2><span id=\"SSL_Sertifika_Turlerini_Dogru_Konumlandirmak\">SSL Sertifika T\u00fcrlerini Do\u011fru Konumland\u0131rmak<\/span><\/h2>\n<p>\u00d6nce k\u0131sa bir \u00e7er\u00e7eve \u00e7izelim: SSL\/TLS sertifikalar\u0131n\u0131 iki eksende d\u00fc\u015f\u00fcnebilirsiniz:<\/p>\n<ul>\n<li><strong>Kimlik do\u011frulama seviyesi:<\/strong> DV, OV, EV (alan ad\u0131, kurum, geni\u015fletilmi\u015f do\u011frulama)<\/li>\n<li><strong>Kapsam t\u00fcr\u00fc:<\/strong> Tek alan ad\u0131, Wildcard, SAN (Multi\u2011Domain)<\/li>\n<\/ul>\n<p>Kimlik do\u011frulama seviyeleri (DV\/OV\/EV) ile kapsam t\u00fcr\u00fc (Wildcard\/SAN) birbirinden ba\u011f\u0131ms\u0131z kavramlard\u0131r. \u00d6rne\u011fin DV Wildcard, OV SAN gibi kombinasyonlar m\u00fcmk\u00fcnd\u00fcr. Bu yaz\u0131da a\u011f\u0131rl\u0131kl\u0131 olarak <strong>kapsam t\u00fcr\u00fc<\/strong> taraf\u0131na odaklanaca\u011f\u0131z, ancak DV\/OV\/EV ayr\u0131m\u0131n\u0131 daha net g\u00f6rmek isterseniz <a href=\"https:\/\/www.dchost.com\/blog\/dv-ov-ev-ve-wildcard-ssl-arasinda-kaybolmadan-e-ticaret-ve-saaste-hangi-sertifika-ne-zaman\/\">DV, OV, EV ve Wildcard SSL t\u00fcrleri aras\u0131ndaki farklar\u0131 anlatt\u0131\u011f\u0131m\u0131z rehbere<\/a> mutlaka g\u00f6z at\u0131n.<\/p>\n<p>Temel hat\u0131rlatma:<\/p>\n<ul>\n<li><strong>Tek alan ad\u0131 sertifikas\u0131:<\/strong> Sadece tek bir FQDN\u2019i (\u00f6rne\u011fin <code>www.ornek.com<\/code>) kapsar.<\/li>\n<li><strong>Wildcard sertifika:<\/strong> Belirli bir alan\u0131n birinci seviye t\u00fcm alt alanlar\u0131n\u0131 (\u00f6rne\u011fin <code>*.ornek.com<\/code>) kapsar.<\/li>\n<li><strong>SAN (Multi\u2011Domain) sertifika:<\/strong> Birden \u00e7ok farkl\u0131 alan ad\u0131n\u0131 ve\/veya alt alan\u0131 ayn\u0131 sertifika i\u00e7inde bar\u0131nd\u0131r\u0131r.<\/li>\n<\/ul>\n<h2><span id=\"Wildcard_SSL_Nedir_Neleri_Kapsar_Neleri_Kapsamaz\">Wildcard SSL Nedir, Neleri Kapsar, Neleri Kapsamaz?<\/span><\/h2>\n<p><strong>Wildcard SSL<\/strong>, kabaca <code>*.alanadiniz.com<\/code> format\u0131nda \u00fcretilen ve o alan\u0131n <strong>birinci seviye t\u00fcm alt alanlar\u0131n\u0131<\/strong> kapsayan sertifika tipidir. \u00d6rne\u011fin:<\/p>\n<ul>\n<li><code>*.magazam.com<\/code> i\u00e7in a\u015fa\u011f\u0131dakiler kapsama dahildir:\n<ul>\n<li><code>www.magazam.com<\/code><\/li>\n<li><code>api.magazam.com<\/code><\/li>\n<li><code>cdn.magazam.com<\/code><\/li>\n<li><code>pay.magazam.com<\/code> vb.<\/li>\n<\/ul>\n<\/li>\n<li>Ancak \u015funlar kapsama <strong>dahil de\u011fildir<\/strong>:\n<ul>\n<li><code>magazam.com<\/code> (k\u00f6k alan ad\u0131, \u00e7o\u011fu sertifika sa\u011flay\u0131c\u0131da ayr\u0131ca eklenmelidir)<\/li>\n<li><code>v2.api.magazam.com<\/code> (ikinci seviye alt alan)<\/li>\n<li><code>magazam.com.tr<\/code> gibi farkl\u0131 TLD\u2019ler<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Yani Wildcard, <strong>tek bir alan\u0131n etraf\u0131ndaki alt alan orman\u0131n\u0131<\/strong> g\u00fcvenceye almak i\u00e7in tasarlanm\u0131\u015f bir yakla\u015f\u0131md\u0131r. \u00d6zellikle \u201c<code>www<\/code>, <code>shop<\/code>, <code>cdn<\/code>, <code>img<\/code>, <code>api<\/code>\u201d gibi klasik alt alan kal\u0131plar\u0131n\u0131 tek bir hamlede \u00e7\u00f6zmek istedi\u011finizde hayat kurtar\u0131r.<\/p>\n<h3><span id=\"Wildcard_SSLin_Avantajlari\">Wildcard SSL\u2019in Avantajlar\u0131<\/span><\/h3>\n<ul>\n<li><strong>Yeni alt alan a\u00e7ma \u00f6zg\u00fcrl\u00fc\u011f\u00fc:<\/strong> \u00d6nceden hangi alt alanlara ihtiya\u00e7 duyaca\u011f\u0131n\u0131z\u0131 bilmek zorunda de\u011filsiniz. Gelecekte <code>blog.magazam.com<\/code> ya da <code>beta.magazam.com<\/code> a\u00e7mak istedi\u011finizde ek bir sertifika i\u015flemi yapman\u0131z gerekmez.<\/li>\n<li><strong>Daha basit sertifika envanteri:<\/strong> Tek bir alan i\u00e7in onlarca ayr\u0131 sertifika yerine, <strong>tek Wildcard sertifika<\/strong> ile y\u00f6netim y\u00fck\u00fcn\u00fc azalt\u0131rs\u0131n\u0131z.<\/li>\n<li><strong>Let\u2019s Encrypt ile otomasyon imk\u00e2n\u0131:<\/strong> DNS\u201101 challange ile Wildcard sertifikalar\u0131 <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-wildcard-ssl-otomasyonu-dns-01-ile-cpanel-plesk-ve-nginxte-zahmetsiz-kurulum-ve-yenileme-nasil-yapilir\/\">otomatik \u00fcretip yenileyece\u011finiz bir altyap\u0131<\/a> kurdu\u011funuzda, manuel yenileme derdini neredeyse tamamen ortadan kald\u0131rabilirsiniz.<\/li>\n<li><strong>Geli\u015ftirme\/staging ortamlar\u0131 i\u00e7in pratik:<\/strong> <code>dev.magazam.com<\/code>, <code>stg.magazam.com<\/code>, <code>test.magazam.com<\/code> gibi ortamlar i\u00e7in de ayn\u0131 sertifikay\u0131 kullanabilirsiniz.<\/li>\n<\/ul>\n<h3><span id=\"Wildcard_SSLin_Dezavantajlari_ve_Riskleri\">Wildcard SSL\u2019in Dezavantajlar\u0131 ve Riskleri<\/span><\/h3>\n<ul>\n<li><strong>Tek anahtar \u2013 \u00e7ok nokta riski:<\/strong> Ayn\u0131 \u00f6zel anahtar\u0131 (private key) birden \u00e7ok sunucuya da\u011f\u0131tt\u0131\u011f\u0131n\u0131zda, bu anahtar\u0131 ele ge\u00e7iren bir sald\u0131rgan <code>*.alanadiniz.com<\/code> alt\u0131ndaki t\u00fcm host\u2019lar\u0131 taklit edebilir.<\/li>\n<li><strong>Bir seviye ile s\u0131n\u0131rl\u0131 hiyerar\u015fi:<\/strong> <code>*.alanadiniz.com<\/code> sertifikas\u0131 <code>v2.api.alanadiniz.com<\/code> gibi \u00e7ok seviye alt alanlar\u0131 kapsamaz. Karma\u015f\u0131k mikroservis mimarilerinde bu s\u0131n\u0131rlama s\u0131k\u0131nt\u0131 olabilir.<\/li>\n<li><strong>Birden \u00e7ok marka \/ TLD i\u00e7in uygun de\u011fil:<\/strong> Hem <code>magazam.com<\/code> hem <code>magazam.com.tr<\/code> hem de <code>marka2.com<\/code> gibi alanlar\u0131n\u0131z varsa, tek bir Wildcard ile bunlar\u0131n hepsini kapsayamazs\u0131n\u0131z.<\/li>\n<li><strong>Yetki payla\u015f\u0131m\u0131 zorla\u015f\u0131r:<\/strong> Farkl\u0131 ekipler (\u00f6rn. ajans, alt y\u00fcklenici, \u00fc\u00e7\u00fcnc\u00fc parti entegrat\u00f6r) farkl\u0131 alt alanlardan sorumluysa, hepsi ayn\u0131 sertifikay\u0131 ve anahtar\u0131 payla\u015fmak zorunda kal\u0131r; bu da g\u00fcvenlik ve sorumluluk takibini zorla\u015ft\u0131r\u0131r.<\/li>\n<\/ul>\n<h2><span id=\"SAN_MultiDomain_SSL_Nedir_Nasil_Calisir\">SAN (Multi\u2011Domain) SSL Nedir, Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/span><\/h2>\n<p><strong>SAN (Subject Alternative Name)<\/strong> alan\u0131, bir sertifikan\u0131n birden fazla alan ad\u0131n\u0131 ve alt alan\u0131 kapsamas\u0131n\u0131 sa\u011flayan TLS\/SSL \u00f6zelli\u011fidir. Pratikte \u201cMulti\u2011Domain SSL\u201d diye g\u00f6rd\u00fc\u011f\u00fcn\u00fcz sertifikalar teknik olarak <strong>SAN alan\u0131 dolu<\/strong> sertifikalard\u0131r.<\/p>\n<p>\u00d6rne\u011fin tek bir SAN sertifikas\u0131 a\u015fa\u011f\u0131dakilerin tamam\u0131n\u0131 ayn\u0131 anda kapsayabilir:<\/p>\n<ul>\n<li><code>www.magazam.com<\/code><\/li>\n<li><code>magazam.com<\/code><\/li>\n<li><code>www.magazam.com.tr<\/code><\/li>\n<li><code>api.magazam.com<\/code><\/li>\n<li><code>www.markab.com<\/code><\/li>\n<li><code>odeme.magazam.com<\/code><\/li>\n<\/ul>\n<p>Taray\u0131c\u0131, TLS el s\u0131k\u0131\u015fmas\u0131 (handshake) s\u0131ras\u0131nda sertifikada yer alan SAN listesini kontrol eder ve ba\u011fland\u0131\u011f\u0131 host ad\u0131n\u0131n bu listedeki de\u011ferlerden biriyle e\u015fle\u015fip e\u015fle\u015fmedi\u011fine bakar. E\u015fle\u015fme varsa ba\u011flant\u0131 g\u00fcvenli kabul edilir.<\/p>\n<h3><span id=\"SAN_SSLin_Avantajlari\">SAN SSL\u2019in Avantajlar\u0131<\/span><\/h3>\n<ul>\n<li><strong>Farkl\u0131 alan adlar\u0131n\u0131 tek \u00e7at\u0131 alt\u0131nda toplar:<\/strong> Farkl\u0131 markalar\u0131n\u0131z, co\u011frafi siteleriniz (\u00f6rn. <code>.com<\/code>, <code>.com.tr<\/code>, <code>.de<\/code>) ya da farkl\u0131 projeleriniz varsa tek bir SAN sertifikas\u0131 ile hepsini koruyabilirsiniz.<\/li>\n<li><strong>Alan ad\u0131 ba\u015f\u0131na daha net yetkilendirme:<\/strong> Hangi alanlar\u0131n sertifika alt\u0131nda oldu\u011fu SAN listesinde a\u00e7\u0131k\u00e7a g\u00f6r\u00fcn\u00fcr. Bu, denetim ve dok\u00fcmantasyon a\u00e7\u0131s\u0131ndan \u015feffafl\u0131k sa\u011flar.<\/li>\n<li><strong>\u00c7ok markal\u0131 e\u2011ticaret ve marketplace\u2019ler i\u00e7in esnek:<\/strong> \u00d6rne\u011fin <code>magaza1.com<\/code>, <code>magaza2.com<\/code>, <code>magaza3.com<\/code> gibi domain\u2019leri ayn\u0131 gateway arkas\u0131nda ko\u015fturuyorsan\u0131z, ortak bir SAN sertifikas\u0131 kullanabilirsiniz.<\/li>\n<li><strong>EV\/OV ile birlikte kullan\u0131labilir:<\/strong> Kurumsal firmalar i\u00e7in hem \u015firket isminin sertifikada g\u00f6r\u00fcnmesini (OV\/EV) hem de \u00e7ok alan ad\u0131 kapsamas\u0131n\u0131 ayn\u0131 anda sa\u011flayabilirsiniz.<\/li>\n<\/ul>\n<h3><span id=\"SAN_SSLin_Dezavantajlari\">SAN SSL\u2019in Dezavantajlar\u0131<\/span><\/h3>\n<ul>\n<li><strong>SAN listesi y\u00f6netimi:<\/strong> Yeni bir alan ad\u0131 eklendi\u011finde genellikle sertifikay\u0131 yeniden \u00fcretmek gerekir. Bu da otomasyonu kurgulamad\u0131ysan\u0131z operasyonel y\u00fck olu\u015fturur.<\/li>\n<li><strong>Maksimum alan ad\u0131 limiti:<\/strong> \u00c7o\u011fu CA, tek bir SAN sertifikas\u0131nda izin verdi\u011fi alan ad\u0131 say\u0131s\u0131n\u0131 s\u0131n\u0131rlar. Onlarca, y\u00fczlerce alan ad\u0131 olan ajans ve SaaS yap\u0131lar\u0131nda bu limiti planlaman\u0131z gerekir.<\/li>\n<li><strong>Tek sertifika \u2013 \u00e7ok m\u00fc\u015fteri riski:<\/strong> Ajanslar\u0131n s\u0131k yapt\u0131\u011f\u0131 hata: T\u00fcm m\u00fc\u015fteri sitelerini tek SAN sertifikas\u0131na doldurmak. Bir m\u00fc\u015fteriyle yollar ayr\u0131ld\u0131\u011f\u0131nda ya da bir domain ta\u015f\u0131nd\u0131\u011f\u0131nda, sertifikay\u0131 b\u00f6lmek ve yeniden tasarlamak zorunda kal\u0131rs\u0131n\u0131z.<\/li>\n<\/ul>\n<h2><span id=\"ETicaret_Senaryolarinda_Wildcard_vs_SAN_Karsilastirmasi\">E\u2011Ticaret Senaryolar\u0131nda Wildcard vs SAN Kar\u015f\u0131la\u015ft\u0131rmas\u0131<\/span><\/h2>\n<p>Teoriyi kenara b\u0131rak\u0131p ger\u00e7ek hayattaki yayg\u0131n senaryolara bakal\u0131m. Her senaryo i\u00e7in hangi sertifika tipinin daha mant\u0131kl\u0131 oldu\u011funa dair net tavsiyeler payla\u015faca\u011f\u0131z.<\/p>\n<h3><span id=\"Senaryo_1_Tek_Marka_Cok_Alt_Alan_Klasik_ETicaret\">Senaryo 1: Tek Marka, \u00c7ok Alt Alan (Klasik E\u2011Ticaret)<\/span><\/h3>\n<p>Alan adlar\u0131n\u0131z \u015f\u00f6yle olsun:<\/p>\n<ul>\n<li><code>magazam.com<\/code> (k\u00f6k)<\/li>\n<li><code>www.magazam.com<\/code> (web)<\/li>\n<li><code>api.magazam.com<\/code> (REST\/GraphQL API)<\/li>\n<li><code>img.magazam.com<\/code> (g\u00f6rseller)<\/li>\n<li><code>cdn.magazam.com<\/code> (CDN origin)<\/li>\n<li><code>pay.magazam.com<\/code> (\u00f6deme)<\/li>\n<\/ul>\n<p>Bu durumda <strong>tek marka ve tek TLD \u00e7evresinde d\u00f6nen<\/strong> bir ekosistemden bahsediyoruz. Genellikle en mant\u0131kl\u0131 yakla\u015f\u0131m:<\/p>\n<ul>\n<li><strong>Bir adet Wildcard SSL:<\/strong> <code>*.magazam.com<\/code><\/li>\n<li>Gerekirse k\u00f6k alan ad\u0131 (<code>magazam.com<\/code>) i\u00e7in ekstra SAN giri\u015fi veya ayr\u0131 bir DV sertifika<\/li>\n<\/ul>\n<p>B\u00f6yle bir mimaride <strong>Wildcard sertifika<\/strong> size \u015fu avantajlar\u0131 sa\u011flar:<\/p>\n<ul>\n<li>Yeni alt alanlar (\u00f6rn. <code>beta.magazam.com<\/code>, <code>m.magazam.com<\/code>) i\u00e7in ekstra i\u015flem yapmazs\u0131n\u0131z.<\/li>\n<li>CI\/CD s\u00fcrecinize Let\u2019s Encrypt entegrasyonu ile <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-ile-ucretsiz-ssl-sertifikasi-kurulumu-cpanel-ve-directadminde-otomatik-yenileme-rehberi\/\">otomatik SSL yenileme<\/a> eklerseniz, sertifika y\u00f6netimi b\u00fcy\u00fck \u00f6l\u00e7\u00fcde arka planda kal\u0131r.<\/li>\n<\/ul>\n<p>Burada kritik nokta, <strong>\u00f6deme sayfas\u0131<\/strong> (<code>pay.magazam.com<\/code>) gibi PCI DSS\u2019e dokunan bile\u015fenleri bar\u0131nd\u0131rd\u0131\u011f\u0131n\u0131z sunucularda anahtar y\u00f6netimini daha s\u0131k\u0131 yapman\u0131zd\u0131r. Bu konuyu derinlemesine ele ald\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/pci-dss-uyumlu-e-ticaret-hosting-rehberi\/\">PCI DSS uyumlu e\u2011ticaret hosting rehberine<\/a> de g\u00f6z atabilirsiniz.<\/p>\n<h3><span id=\"Senaryo_2_Cok_Ulke_Cok_TLD_Global_Magaza\">Senaryo 2: \u00c7ok \u00dclke, \u00c7ok TLD (Global Ma\u011faza)<\/span><\/h3>\n<p>Daha b\u00fcy\u00fck \u00e7apl\u0131 bir e\u2011ticaret yap\u0131s\u0131nda \u015fu kombinasyonu d\u00fc\u015f\u00fcnelim:<\/p>\n<ul>\n<li><code>www.magazam.com<\/code> (global)<\/li>\n<li><code>www.magazam.com.tr<\/code> (T\u00fcrkiye)<\/li>\n<li><code>www.magazam.de<\/code> (Almanya)<\/li>\n<li><code>www.magazam.fr<\/code> (Fransa)<\/li>\n<\/ul>\n<p>Tek marka ama <strong>birden fazla \u00fclke ve TLD<\/strong> var. \u00c7o\u011fu zaman bu alan adlar\u0131n\u0131n \u00f6n\u00fcnde ayn\u0131 CDN, WAF veya load balancer bulunuyor. Bu durumda:<\/p>\n<ul>\n<li>\u00d6n u\u00e7 (edge) katmanda, t\u00fcm bu alan adlar\u0131n\u0131 i\u00e7eren bir <strong>SAN (Multi\u2011Domain) sertifika<\/strong> mant\u0131kl\u0131d\u0131r.<\/li>\n<li>Arka plandaki origin sunucularda ise h\u00e2l\u00e2 <strong>Wildcard<\/strong> ya da tek alan ad\u0131 sertifikalar\u0131 ile \u00e7al\u0131\u015fabilirsiniz.<\/li>\n<\/ul>\n<p>Yani burada kar\u015f\u0131m\u0131za \u00e7\u0131kan model: <strong>Edge\u2019de SAN, origin\u2019de Wildcard\/tek alan<\/strong>. B\u00f6ylece:<\/p>\n<ul>\n<li>CDN\/WAF katman\u0131nda tek sertifika ile t\u00fcm \u00fclkeleri kapsars\u0131n\u0131z.<\/li>\n<li>Uygulama sunucular\u0131nda ise ayr\u0131 ayr\u0131 sertifika ve anahtar y\u00f6netimi yaparak sald\u0131r\u0131 y\u00fczeyini daralt\u0131rs\u0131n\u0131z.<\/li>\n<\/ul>\n<h3><span id=\"Senaryo_3_Ajans_veya_SaaS_Cok_Musteri_Cok_Domain\">Senaryo 3: Ajans veya SaaS, \u00c7ok M\u00fc\u015fteri, \u00c7ok Domain<\/span><\/h3>\n<p>Bir ajans veya SaaS sa\u011flay\u0131c\u0131s\u0131 olarak onlarca m\u00fc\u015fteriniz olabilir:<\/p>\n<ul>\n<li><code>www.musteri1.com<\/code><\/li>\n<li><code>www.musteri2.com.tr<\/code><\/li>\n<li><code>shop.musteri3.com<\/code> vb.<\/li>\n<\/ul>\n<p>Burada s\u0131k yap\u0131lan hatalardan biri, <strong>t\u00fcm m\u00fc\u015fteri domain\u2019lerini tek bir SAN sertifikas\u0131na doldurmak<\/strong>. K\u0131sa vadede pratik g\u00f6r\u00fcn\u00fcr; ancak:<\/p>\n<ul>\n<li>Bir m\u00fc\u015fteri ayr\u0131ld\u0131\u011f\u0131nda sertifikay\u0131 yeniden tasarlamak zorunda kal\u0131rs\u0131n\u0131z.<\/li>\n<li>Hukuki ve operasyonel olarak m\u00fc\u015fteriler aras\u0131nda gereksiz bir ba\u011f\u0131ml\u0131l\u0131k olu\u015fur.<\/li>\n<li>Bir domain\u2019de ya\u015fanan DNS\/SSL sorunu di\u011ferlerini de etkileyebilir.<\/li>\n<\/ul>\n<p>Bu tip yap\u0131larda genelde \u015fu strateji daha sa\u011fl\u0131kl\u0131d\u0131r:<\/p>\n<ul>\n<li>Her m\u00fc\u015fteri i\u00e7in <strong>ayr\u0131 bir Wildcard veya tek alan ad\u0131 sertifikas\u0131<\/strong> kullanmak.<\/li>\n<li>Ya da Let\u2019s Encrypt ile otomatik \u00e7al\u0131\u015fan, m\u00fc\u015fteri ba\u015f\u0131na izole edilmi\u015f DV sertifikalar \u00fcretmek.<\/li>\n<\/ul>\n<p>\u00c7ok kirac\u0131l\u0131 SaaS mimarilerinde \u00f6zel alan adlar\u0131 ve otomatik SSL konusunu derinlemesine anlatt\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/saaste-ozel-alan-adlari-ve-otomatik-ssl-dns-01-ile-cok-kiracili-mimarini-nasil-tatli-tatli-olceklersin\/\">\u00f6zel alan adlar\u0131 ve otomatik SSL rehberini<\/a> de incelemenizi \u00f6neririz.<\/p>\n<h2><span id=\"Teknik_Kriterler_Hangi_Mimaride_Hangisi_Daha_Uygun\">Teknik Kriterler: Hangi Mimaride Hangisi Daha Uygun?<\/span><\/h2>\n<p>Karar verirken sadece \u201calan say\u0131s\u0131\u201dna bakmak yeterli de\u011fil. Mimarinin baz\u0131 teknik detaylar\u0131 da se\u00e7imde kritik rol oynar.<\/p>\n<h3><span id=\"1_Alt_Alan_Adi_Hiyerarsisi\">1. Alt Alan Ad\u0131 Hiyerar\u015fisi<\/span><\/h3>\n<p>E\u011fer yap\u0131n\u0131zda \u015fu tarz adresler varsa:<\/p>\n<ul>\n<li><code>api.v2.magazam.com<\/code><\/li>\n<li><code>blue.api.magazam.com<\/code><\/li>\n<li><code>eu1.pay.magazam.com<\/code><\/li>\n<\/ul>\n<p>Wildcard sertifikan\u0131z <code>*.magazam.com<\/code> ise, bunlar kapsam d\u0131\u015f\u0131nda kal\u0131r. Bu durumda se\u00e7enekleriniz:<\/p>\n<ul>\n<li>Her seviye i\u00e7in ayr\u0131 Wildcard (\u00f6rn. <code>*.api.magazam.com<\/code>),<\/li>\n<li>Ya da detayl\u0131 bir <strong>SAN sertifika<\/strong> tasar\u0131m\u0131 yapmak.<\/li>\n<\/ul>\n<p>Mikroservis ve \u00e7ok katmanl\u0131 alt alan mimarilerinde genellikle <strong>kombine bir yakla\u015f\u0131m<\/strong> gerekir: Baz\u0131 kritik alt alan gruplar\u0131 i\u00e7in ayr\u0131 Wildcard, geri kalan i\u00e7in SAN vb.<\/p>\n<h3><span id=\"2_Otomasyon_ve_ACME_Destegi\">2. Otomasyon ve ACME Deste\u011fi<\/span><\/h3>\n<p>Let\u2019s Encrypt gibi ACME tabanl\u0131 sistemler sayesinde hem Wildcard hem SAN sertifikalar\u0131 otomatik \u00fcretip yenileyebilirsiniz. Ancak kullan\u0131lan challenge t\u00fcr\u00fc ve DNS yap\u0131n\u0131z bu noktada belirleyicidir.<\/p>\n<ul>\n<li><strong>HTTP\u201101 challenge:<\/strong> Genellikle tek alan ad\u0131 veya s\u0131n\u0131rl\u0131 SAN kombinasyonlar\u0131 i\u00e7in daha pratik.<\/li>\n<li><strong>DNS\u201101 challenge:<\/strong> Wildcard sertifikalar ve \u00e7ok alanl\u0131 SAN yap\u0131lar i\u00e7in idealdir; ancak DNS API eri\u015fimi gerektirir.<\/li>\n<\/ul>\n<p>ACME challenge t\u00fcrlerini ayr\u0131nt\u0131l\u0131 kar\u015f\u0131la\u015ft\u0131rd\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/acme-challenge-turleri-derinlemesine-http%e2%80%9101-dns%e2%80%9101-ve-tls%e2%80%91alpn%e2%80%9101-ne-zaman-hangisi\/\">HTTP\u201101, DNS\u201101 ve TLS\u2011ALPN\u201101 odakl\u0131 rehbere<\/a> g\u00f6z atarak kendi mimarinize en uygun otomasyon yakla\u015f\u0131m\u0131n\u0131 belirleyebilirsiniz.<\/p>\n<p>Bir di\u011fer kritik nokta ise <strong>rate limit<\/strong> y\u00f6netimi. \u00c7ok say\u0131da domain i\u00e7in Let\u2019s Encrypt kullan\u0131yorsan\u0131z, <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-rate-limitlerine-takilmadan-cok-alan-adinda-ssl-san-wildcard-acme-challenge-ve-tatli-stratejiler\/\">rate limit\u2019e tak\u0131lmadan \u00e7ok alan ad\u0131nda SSL y\u00f6netmek i\u00e7in haz\u0131rlad\u0131\u011f\u0131m\u0131z strateji rehberi<\/a> pratik \u00e7\u00f6z\u00fcmler sunuyor.<\/p>\n<h3><span id=\"3_IP_ve_SNI_Kullanimi\">3. IP ve SNI Kullan\u0131m\u0131<\/span><\/h3>\n<p>G\u00fcncel taray\u0131c\u0131lar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011fu SNI (Server Name Indication) deste\u011fine sahip oldu\u011fundan, tek IP \u00fczerinde birden fazla <a href=\"https:\/\/www.dchost.com\/tr\/ssl\">SSL sertifikas\u0131<\/a> bar\u0131nd\u0131rmak \u00e7o\u011fu senaryoda problem de\u011fil. Dolay\u0131s\u0131yla \u201ctek IP var, mutlaka SAN kullanmal\u0131y\u0131m\u201d ya da \u201cWildcard tek \u00e7\u00f6z\u00fcmd\u00fcr\u201d gibi genellemeler art\u0131k ge\u00e7erlili\u011fini yitirdi.<\/p>\n<p>\u00d6nemli olan; sunucu konfig\u00fcrasyonunuzu (Nginx, Apache, LiteSpeed vb.) do\u011fru yapman\u0131z ve hangi host ad\u0131nda hangi sertifikan\u0131n sunulaca\u011f\u0131n\u0131 net tan\u0131mlaman\u0131zd\u0131r. Bu konfig\u00fcrasyonlar\u0131 yaparken HTTP\/2\/HTTP\/3, ALPN ve performans ayarlar\u0131n\u0131 da birlikte ele almak istiyorsan\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/http-2-ve-http-3-destegi-seo-ve-core-web-vitalsi-nasil-etkiler-hosting-secerken-nelere-bakmali\/\">HTTP\/2 ve HTTP\/3\u2019\u00fcn SEO ve performansa etkilerini inceledi\u011fimiz rehber<\/a> size yol g\u00f6sterecektir.<\/p>\n<h2><span id=\"Guvenlik_Perspektifi_Tek_Sertifika_mi_Bolunmus_Sertifikalar_mi\">G\u00fcvenlik Perspektifi: Tek Sertifika m\u0131, B\u00f6l\u00fcnm\u00fc\u015f Sertifikalar m\u0131?<\/span><\/h2>\n<p>Hem Wildcard hem SAN sertifikalar\u0131n ortak bir riski var: <strong>tek sertifikan\u0131n \u00e7ok fazla yeri kapsamas\u0131<\/strong>. Bu, y\u00f6netilmesi gerekti\u011fi gibi y\u00f6netildi\u011finde avantaj; ihmale u\u011frad\u0131\u011f\u0131nda ise ciddi bir zafiyet kayna\u011f\u0131 olabilir.<\/p>\n<h3><span id=\"Wildcard_Guvenlik_Risklerini_Azaltma_Onerileri\">Wildcard G\u00fcvenlik Risklerini Azaltma \u00d6nerileri<\/span><\/h3>\n<ul>\n<li><strong>\u00d6zel anahtar\u0131 m\u00fcmk\u00fcn oldu\u011funca az sunucuya kopyalay\u0131n:<\/strong> Her alt alan i\u00e7in ayr\u0131 origin sunucunuz varsa bile, sertifikay\u0131 do\u011frudan hepsine da\u011f\u0131tmak yerine \u00f6nlerinde duran ters proxy\/load balancer\u2019a y\u00fcklemeyi tercih edin.<\/li>\n<li><strong>Key rotation (anahtar d\u00f6nd\u00fcrme) uygulay\u0131n:<\/strong> Sertifika yenileme s\u00fcrecinde ayn\u0131 private key\u2019i y\u0131llarca kullanmak yerine belirli periyotlarla yeni anahtar \u00fcretin.<\/li>\n<li><strong>Eri\u015fim kontrol\u00fc:<\/strong> Sertifika ve anahtar dosyalar\u0131na kimlerin eri\u015fti\u011fi net olsun. DCHost \u00fczerinde \u00e7al\u0131\u015fan VPS\/<a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated sunucu<\/a>lar\u0131n\u0131zda, bu dosyalara eri\u015fimi sadece ger\u00e7ekten ihtiya\u00e7 duyan kullan\u0131c\u0131larla s\u0131n\u0131rlay\u0131n.<\/li>\n<\/ul>\n<h3><span id=\"SAN_Sertifikalarda_Izolasyon_Stratejisi\">SAN Sertifikalarda \u0130zolasyon Stratejisi<\/span><\/h3>\n<ul>\n<li><strong>Ayn\u0131 sertifikaya girecek domain\u2019leri dikkat se\u00e7in:<\/strong> Hukuken, operasyonel olarak ve g\u00fcvenlik a\u00e7\u0131s\u0131ndan birbirine ba\u011fl\u0131 olan alan adlar\u0131n\u0131 ayn\u0131 SAN i\u00e7inde gruplay\u0131n.<\/li>\n<li><strong>M\u00fc\u015fteri s\u0131n\u0131rlar\u0131n\u0131 g\u00f6zetin:<\/strong> Farkl\u0131 m\u00fc\u015fterilere ait domain\u2019leri ayn\u0131 SAN i\u00e7inde kar\u0131\u015ft\u0131rmay\u0131n.<\/li>\n<li><strong>De\u011fi\u015fim frekans\u0131n\u0131 planlay\u0131n:<\/strong> S\u00fcrekli domain ekleyip \u00e7\u0131kard\u0131\u011f\u0131n\u0131z dinamik yap\u0131larda, SAN listesi y\u00f6netimini otomasyona ba\u011flamadan yola \u00e7\u0131kmay\u0131n.<\/li>\n<\/ul>\n<h2><span id=\"HTTPden_HTTPSe_Geciste_Wildcard_ve_SAN_Kararinin_Etkisi\">HTTP\u2019den HTTPS\u2019e Ge\u00e7i\u015fte Wildcard ve SAN Karar\u0131n\u0131n Etkisi<\/span><\/h2>\n<p>Yeni bir e\u2011ticaret projesinde \u00e7o\u011fu zaman zaten HTTPS ile ba\u015fl\u0131yorsunuz. Ancak y\u0131llard\u0131r a\u00e7\u0131k olan bir siteyi HTTP\u2019den HTTPS\u2019e ge\u00e7irirken, sertifika stratejiniz SEO ve kullan\u0131c\u0131 deneyimi a\u00e7\u0131s\u0131ndan kritik rol oynar.<\/p>\n<p>\u00d6zellikle:<\/p>\n<ul>\n<li><code>www<\/code> ve k\u00f6k alan (<code>www.magazam.com<\/code> + <code>magazam.com<\/code>) kombinasyonlar\u0131,<\/li>\n<li>Farkl\u0131 dil s\u00fcr\u00fcmleri (<code>en.magazam.com<\/code>, <code>de.magazam.com<\/code>),<\/li>\n<li>Eski\/yanl\u0131\u015f y\u00f6nlendirmeler,<\/li>\n<\/ul>\n<p>gibi konularda yap\u0131lacak hatalar taray\u0131c\u0131da \u201cNot Secure\u201d uyar\u0131lar\u0131 ve SEO kayb\u0131na yol a\u00e7abilir. Bu s\u00fcreci ad\u0131m ad\u0131m anlatt\u0131\u011f\u0131m\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/httpden-httpse-gecis-rehberi-301-yonlendirme-hsts-ve-seoyu-korumak\/\">HTTP\u2019den HTTPS\u2019e ge\u00e7i\u015f rehberinde<\/a> 301 y\u00f6nlendirmeleri, HSTS ve SEO taraf\u0131n\u0131 detaylar\u0131yla ele ald\u0131k. Oradaki prensipleri Wildcard veya SAN karar\u0131n\u0131zla birlikte d\u00fc\u015f\u00fcnmek, ge\u00e7i\u015f s\u00fcrecini \u00e7ok daha sorunsuz hale getirir.<\/p>\n<h2><span id=\"Pratik_Karar_Tablosu_Wildcard_mi_SAN_mi\">Pratik Karar Tablosu: Wildcard m\u0131, SAN m\u0131?<\/span><\/h2>\n<p>T\u00fcm bu bilgileri \u00f6zetleyerek h\u0131zl\u0131 bir karar k\u0131lavuzu \u00e7\u0131karal\u0131m:<\/p>\n<ul>\n<li><strong>Senaryo:<\/strong> Tek marka, tek TLD, \u00e7ok alt alan<br \/> <strong>\u00d6neri:<\/strong> Ana domain i\u00e7in <strong>Wildcard SSL<\/strong> (gerekirse k\u00f6k alan i\u00e7in ek SAN ya da ayr\u0131 DV sertifika)<\/li>\n<li><strong>Senaryo:<\/strong> Tek marka, \u00e7ok TLD (com, com.tr, de, fr vb.)<br \/> <strong>\u00d6neri:<\/strong> Edge\/CDN katman\u0131nda <strong>SAN SSL<\/strong>, origin taraf\u0131nda Wildcard + tek alan sertifikalar\u0131n\u0131n kombinasyonu<\/li>\n<li><strong>Senaryo:<\/strong> \u00c7ok markal\u0131 e\u2011ticaret veya marketplace<br \/> <strong>\u00d6neri:<\/strong> Her marka i\u00e7in ayr\u0131 Wildcard\/tek alan; ortak gateway katman\u0131nda s\u0131n\u0131rl\u0131 bir <strong>SAN sertifika<\/strong> seti<\/li>\n<li><strong>Senaryo:<\/strong> Ajans\/SaaS, \u00e7ok m\u00fc\u015fteri<br \/> <strong>\u00d6neri:<\/strong> M\u00fc\u015fteri ba\u015f\u0131na izole DV\/Wildcard; m\u00fcmk\u00fcn oldu\u011funca m\u00fc\u015fteriler aras\u0131 ortak SAN kullanmaktan ka\u00e7\u0131nmak<\/li>\n<li><strong>Senaryo:<\/strong> Mikroservis, \u00e7ok seviye alt alan (api.v2.magazam.com vb.)<br \/> <strong>\u00d6neri:<\/strong> Kritik alt alan gruplar\u0131 i\u00e7in ek Wildcard\u2019lar (<code>*.api.magazam.com<\/code>) + gerekiyorsa s\u0131n\u0131rl\u0131 SAN kombinasyonlar\u0131<\/li>\n<\/ul>\n<h2><span id=\"DCHost_Tarafinda_Nasil_Yardimci_Oluyoruz\">DCHost Taraf\u0131nda Nas\u0131l Yard\u0131mc\u0131 Oluyoruz?<\/span><\/h2>\n<p>DCHost olarak pek \u00e7ok e\u2011ticaret, SaaS ve \u00e7ok alan adl\u0131 projede ayn\u0131 sorularla tekrar tekrar kar\u015f\u0131la\u015f\u0131yoruz. Deneyimimiz g\u00f6steriyor ki sorun \u00e7o\u011fu zaman \u201changi sertifikay\u0131 alaca\u011f\u0131m?\u201ddan \u00e7ok, \u201c<strong>sertifikay\u0131 mimarinin neresine, nas\u0131l yerle\u015ftirece\u011fim?<\/strong>\u201d noktas\u0131nda d\u00fc\u011f\u00fcmleniyor.<\/p>\n<p>Altyap\u0131n\u0131z\u0131 bizden ald\u0131\u011f\u0131n\u0131zda (<a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">payla\u015f\u0131ml\u0131 hosting<\/a>, VPS, dedicated ya da colocation fark etmeksizin):<\/p>\n<ul>\n<li>Domain yap\u0131n\u0131z\u0131 ve b\u00fcy\u00fcme planlar\u0131n\u0131z\u0131 dinleyerek Wildcard \/ SAN \/ tek alan kombinasyonunu birlikte tasarl\u0131yoruz.<\/li>\n<li>Let\u2019s Encrypt tabanl\u0131 otomatik SSL kurulum ve yenileme s\u00fcre\u00e7lerini CI\/CD\u2019nize entegre etmenize yard\u0131mc\u0131 oluyoruz.<\/li>\n<li>Gerekirse staging ve canl\u0131 ortamlar i\u00e7in ayr\u0131 sertifika stratejileri belirleyerek riskleri b\u00f6l\u00fcyoruz.<\/li>\n<li>HTTP \u2192 HTTPS ge\u00e7i\u015flerinde y\u00f6nlendirme, HSTS ve g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131 sertifika stratejinizle uyumlu h\u00e2le getiriyoruz.<\/li>\n<\/ul>\n<p>\u00d6zellikle y\u00fcksek hacimli e\u2011ticaret sitelerinde TLS ayarlar\u0131, HTTP\/2\u2011HTTP\/3, OCSP stapling ve modern \u015fifre paketleri gibi detaylar do\u011frudan Core Web Vitals skorlar\u0131n\u0131za yans\u0131yor. Bu tarafta daha derin optimizasyon d\u00fc\u015f\u00fcn\u00fcyorsan\u0131z <a href=\"https:\/\/www.dchost.com\/blog\/ssl-tls-protokol-guncellemeleri-modern-https-icin-net-yol-haritasi\/\">modern HTTPS i\u00e7in SSL\/TLS g\u00fcncellemelerini anlatt\u0131\u011f\u0131m\u0131z rehber<\/a> ve <a href=\"https:\/\/www.dchost.com\/blog\/core-web-vitals-ve-hosting-altyapisi-ttfb-lcp-ve-clsyi-sunucu-tarafinda-iyilestirme-rehberi\/\">Core Web Vitals odakl\u0131 sunucu taraf\u0131 iyile\u015ftirme yaz\u0131m\u0131z<\/a> iyi bir ba\u015flang\u0131\u00e7 noktas\u0131 olur.<\/p>\n<h2><span id=\"Sonuc_Tek_Dogru_Yok_Ama_Yanlis_Kombinasyonlar_Cok\">Sonu\u00e7: Tek Do\u011fru Yok, Ama Yanl\u0131\u015f Kombinasyonlar \u00c7ok<\/span><\/h2>\n<p>Wildcard SSL mi SAN (Multi\u2011Domain) sertifika m\u0131 sorusunun herkese uyan tek bir cevab\u0131 yok. Ancak elinizde net baz\u0131 kriterler olursa, yanl\u0131\u015f kombinasyonlara d\u00fc\u015fme ihtimaliniz ciddi \u015fekilde azal\u0131r:<\/p>\n<ul>\n<li>Tek marka ve alt alan odakl\u0131 bir yap\u0131daysan\u0131z <strong>Wildcard<\/strong> genellikle en pratik \u00e7\u00f6z\u00fcm.<\/li>\n<li>\u00c7ok TLD ve \u00e7ok marka senaryolar\u0131nda <strong>SAN sertifikalar<\/strong> devreye giriyor, ama m\u00fc\u015fteriler aras\u0131 izolasyondan \u00f6d\u00fcn vermemek \u015fart\u0131yla.<\/li>\n<li>G\u00fcvenlik taraf\u0131nda tek sertifika ile a\u015f\u0131r\u0131 b\u00fcy\u00fck bir alan\u0131 kapsamak yerine, <strong>mant\u0131kl\u0131 segmentlere b\u00f6l\u00fcnm\u00fc\u015f sertifika setleri<\/strong> ile anahtar y\u00f6netimini kolayla\u015ft\u0131rmak daha sa\u011fl\u0131kl\u0131.<\/li>\n<li>Let\u2019s Encrypt ve ACME otomasyonlar\u0131 sayesinde, do\u011fru kuruldu\u011funda hem Wildcard hem SAN sertifikalar manuel i\u015f y\u00fck\u00fc yaratmadan y\u00f6netilebilir.<\/li>\n<\/ul>\n<p>Yeni bir e\u2011ticaret projesine ba\u015fl\u0131yorsan\u0131z ya da mevcut yap\u0131n\u0131z\u0131 yeniden tasarl\u0131yorsan\u0131z, DNS, SSL ve hosting mimarisini en ba\u015ftan birlikte d\u00fc\u015f\u00fcnmek uzun vadede ciddi zaman ve para kazand\u0131r\u0131yor. DCHost ekibi olarak, domain yap\u0131n\u0131zdan PCI DSS gereksinimlerinize, HTTP\/3 performans\u0131ndan otomatik yedekleme stratejilerinize kadar t\u00fcm mimariyi b\u00fct\u00fcnc\u00fcl ele al\u0131yoruz. Mevcut sitenizde hangi sertifika tipinin daha do\u011fru olaca\u011f\u0131n\u0131 netle\u015ftirmek ya da yeni projeniz i\u00e7in sa\u011flam bir SSL stratejisi kurmak isterseniz, destek ekibimizle ileti\u015fime ge\u00e7meniz yeterli.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>E\u2011ticaret ya da \u00e7ok alan adl\u0131 (multi\u2011domain) bir mimari kurarken ka\u00e7 \u00e7ekirdek, ne kadar RAM sorular\u0131n\u0131 \u00e7\u00f6zmek genelde daha kolayd\u0131r. As\u0131l kafa kar\u0131\u015ft\u0131ran noktalar \u00e7o\u011fu zaman DNS ve SSL taraf\u0131nda ortaya \u00e7\u0131kar. Ayn\u0131 markan\u0131n birden fazla alt alan\u0131, farkl\u0131 \u00fclke siteleri, \u00f6deme sayfalar\u0131, API u\u00e7lar\u0131, hatta ayr\u0131 markalar devreye girdik\u00e7e \u015fu soru tekrar tekrar masaya [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3623,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3622","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3622"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3622\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3623"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}