The Difference Between Multi-Domain SSL and Wildcard SSL Certificates

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

Taking a look at the various features of two of the most versatile SSL Certificate available

When it comes to securing your portfolio of websites, two of the most versatile SSL Certificates available are the Multi-Domain SSL Certificate and the Wildcard SSL Certificate. Both are invaluable when it comes to encrypting multiple sites, but the two SSL Certificates also have some major differences.

In this article, we’ll explore Multi-Domain (SAN) SSL Certificates and Wildcard SSL Certificates in an effort to help you understand which of these options may be best for securing your websites.

Multi-Domain SSL

Multi-Domain SSL Certificates were created to encrypt multiple websites. This can be useful in a large number of contexts. A company may have multiple different domains that they wish to secure on a single certificate, or it may have the same domain with different TLDs (Top-Level Domains).

Let’s look at a couple of different examples where a Multi-Domain SSL Certificate could be useful. Say a large company has several different brands of product, all of which have their own website. We’ll call their main domain, www.big-company.com. This big company also wants to secure several of its brand websites, we’ll call those:

  • www.brand-one.com
  • www.brand-two.com
  • www.brand-three.com

A Multi-Domain SSL Certificate would give that company the flexibility to encrypt all three sites on the same certificate. This ultimately saves them money, and it eases the administrative burden of keeping up with what would otherwise be four different SSL Certificates and managing their installation, updating and renewals.

Now let’s look at a second example. Say a company has a multi-national presence. We’ll stick with www.big-company.com for right now. This company also wants to have operational websites in other countries which requires different TLDs. We’ll say those are:

  • www.big-company.eu
  • www.big-company.au
  • www.big-company.in

Again, rather than purchase four separate certificates, this company could simply employ a Multi-Domain SSL Certificate and encrypt all four at once. Again, this eases administrative burdens and saves money.

Multi-Domain SSL Certificates work by first securing the main domain, and then each additional domain is covered as a SAN (Subject Alternative Name). When the SSL Certificate is purchased and the CSR is filled out, each website that will be encrypted is entered as a SAN.

Most Multi-Domain SSL Certificates are sold with a set number of SANs included—usually four. Additional SANs can be purchased as needed. The exact number varies by certificate, but it can be five, 25 or even 100. While purchasing additional SANs can drive up the cost of the certificate, the company is still seeing savings over what it would cost to secure each site individually with a single-domain cert.

At any point in the lifespan of the certificate, a company can add SANs or change SANs, simply by re-issuing the certificate after updating the SAN fields.

There is one drawback to Multi-Domain SSL Certificates: all of the websites encrypted on the certificate appear in the certificate details. Why would this be a problem? Well, if a company has brands or DBAs that it doesn’t necessarily want publicly associated with one another, their association will become obvious as soon as somebody looks at the certificate details.

For instance, in the world of craft beer many of the smaller micro-breweries are actually owned by large conglomerates. It may not be beneficial for those brands to disclose that information though. However, if the conglomerate opts to use a multi-domain certificate to encrypt that brewery’s site, the fact they are owned by a larger company will be obvious as soon as someone investigates the certificate details.

This is usually not an issue, but it is worth noting.

Wildcard SSL

A Wildcard SSL Certificate can encrypt one main domain and an unlimited number of Sub-Domains.  A Sub-Domain is the segment of the URL that comes before the domain name. So for instance, let’s say our example website, www.big-company.com, has several Sub-Domains. We’ll call them:

  • mail.big-company.com
  • ftp.big-company.com
  • login.big-company.com

In this scenario, a Multi-Domain SSL Certificate could also secure those sites, but it would be more expensive than it needed to be. It would be more cost-effective to use a Wildcard SSL Certificate in this scenario. A Wildcard SSL Certificate can secure an unlimited number of Sub-Domains, and unlike Multi-Domain certificates, you don’t have to buy SANs as you go.

Rather, during the generation process, you use an asterisk (*.big-company.com) to denote Sub-Domains will be covered and once the SSL Certificate is installed and configured properly, all Sub-Domains will be encrypted.  It adds encryption to the bunch of subdomains using wildcard ssl certificate multiple level subdomains security.

Wildcard SSL Certificates also serve “future-proof” websites by ensuring that any Sub-Domains that are yet to be added can still be encrypted during the lifespan of the certificate. In order to do this, the certificate must be re-issued (which is free) and it will begin covering any subsequent Sub-Domains that have since been added.

The one drawback to Wildcard SSL Certificate is that they are not available in Extended Validation form. Whereas Multi-Domain SSL Certificates can be issued as EV, Wildcards can’t. They are still available in Organization Validation if you want Business Authentication. But no EV.

Industry’s Most Influencing Multi-Domain SSL and Wildcard SSL Certificates Comparison

Certificate AuthorityGeoTrustGeoTrustRapidSSLGeoTrust
Product NameTrue BusinessID Multi DomainTrue BusinessID Multi Domain WildcardRapidSSL Wildcard SSLGeoTrust Wildcard SSL
Domain Coverage
Multiple DomainsMultiple Domains & Sub-domainsUnlimited Sub DomainsUnlimited Sub Domains
Validation Require
Organization Validation
Organization Validation
Domain Validation
Basic Organization & Domain
Encryption Strength
256 Bit
256 Bit
256 Bit
256 Bit
Issuance
1 to 3 Business Days
1 to 3 Business Days
In Minutes
1 to 3 Business Days
SAN Compatibility
Yes
Yes
No
No
Wildcard Support
No
Yes
Yes
Yes
Server Licensing
Unlimited
Unlimited
Unlimited
Unlimited
Warranty
1250000
1250000
10000
1250000
Site Seal
Dynamic
Dynamic
Static
Dynamic
Browser Support
99.99%
99.99%
99.99%
99.99%
Mobile Browser Support
Yes
Yes
Yes
Yes
Reissue
Unlimited
Unlimited
Unlimited
Unlimited
SEO Boost Up
Yes
Yes
Yes
Yes
24/7 Support
Yes
Yes
Yes
Yes
30 Days Refund Policy
YesYesYesYes
1 Year Price
$278
$479
$149
$439
2 Year Price
$235 Per Year
$471 Per Year
$129 Per Year
$384 Per Year
Read MoreRead MoreRead MoreRead More

Conclusion

SAN or UCC SSL Certificate ( Multi-Domain SSL) and Wildcard SSL Certificate are two of the most versatile certificates available. And while they both share similarities, each also has its own distinctions as well. If you’re securing one main domain and a number of Sub-Domains, you’ll want to use a Wildcard. If you have multiple domain names or the same domain with multiple TLDs, then a Multi-Domain Certificate is the way to go.

There’s even a Multi-Domain Wildcard SSL Certificate —but that’s a discussion for another day. Just remember, regardless of what your portfolio of websites looks like, there’s an optimal security solution that fits it.

 

Other Multi-Domain SSL or SAN SSL Related Resources

About RapidSSLonline

Jim Armstrong works with rapidSSLonline.com to provide customized support and solutions to businesses that seek SSL solutions. RapidSSLonline provides cheap SSL certificates including wide range of SSL security products like WildCard SSL, EV SSL, SAN SSL, and Code Signing Certificate to maximize security for your data and transactions on web. His considerable knowledge of SSL includes brands like VeriSign, Thawte and Trustwave. Interested parties should contact rapidSSLonline.com by calling 727-388-4240 or by visiting http://www.rapidsslonline.com.