Loading...Taking a look at the various features of two of the most versatile SSL Certificate available
When it comes to securing your portfolio of websites, two of the most versatile SSL Certificates available are the Multi-Domain SSL Certificate and the Wildcard SSL Certificate. Both are invaluable when it comes to encrypting multiple sites, but the two SSL Certificates also have some major differences.
In this article, we’ll explore Multi-Domain (SAN) SSL Certificates and Wildcard SSL Certificates in an effort to help you understand which of these options may be best for securing your websites.
Multi-Domain SSL
Multi-Domain SSL Certificates were created to encrypt multiple websites. This can be useful in a large number of contexts. A company may have multiple different domains that they wish to secure on a single certificate, or it may have the same domain with different TLDs (Top-Level Domains).
Let’s look at a couple of different examples where a Multi-Domain SSL Certificate could be useful. Say a large company has several different brands of product, all of which have their own website. We’ll call their main domain, www.big-company.com. This big company also wants to secure several of its brand websites, we’ll call those:
- www.brand-one.com
- www.brand-two.com
- www.brand-three.com
A Multi-Domain SSL Certificate would give that company the flexibility to encrypt all three sites on the same certificate. This ultimately saves them money, and it eases the administrative burden of keeping up with what would otherwise be four different SSL Certificates and managing their installation, updating and renewals.
Now let’s look at a second example. Say a company has a multi-national presence. We’ll stick with www.big-company.com for right now. This company also wants to have operational websites in other countries which requires different TLDs. We’ll say those are:
- www.big-company.eu
- www.big-company.au
- www.big-company.in
Again, rather than purchase four separate certificates, this company could simply employ a Multi-Domain SSL Certificate and encrypt all four at once. Again, this eases administrative burdens and saves money.
Multi-Domain SSL Certificates work by first securing the main domain, and then each additional domain is covered as a SAN (Subject Alternative Name). When the SSL Certificate is purchased and the CSR is filled out, each website that will be encrypted is entered as a SAN.
Most Multi-Domain SSL Certificates are sold with a set number of SANs included—usually four. Additional SANs can be purchased as needed. The exact number varies by certificate, but it can be five, 25 or even 100. While purchasing additional SANs can drive up the cost of the certificate, the company is still seeing savings over what it would cost to secure each site individually with a single-domain cert.
At any point in the lifespan of the certificate, a company can add SANs or change SANs, simply by re-issuing the certificate after updating the SAN fields.
There is one drawback to Multi-Domain SSL Certificates: all of the websites encrypted on the certificate appear in the certificate details. Why would this be a problem? Well, if a company has brands or DBAs that it doesn’t necessarily want publicly associated with one another, their association will become obvious as soon as somebody looks at the certificate details.
For instance, in the world of craft beer many of the smaller micro-breweries are actually owned by large conglomerates. It may not be beneficial for those brands to disclose that information though. However, if the conglomerate opts to use a multi-domain certificate to encrypt that brewery’s site, the fact they are owned by a larger company will be obvious as soon as someone investigates the certificate details.
This is usually not an issue, but it is worth noting.
Wildcard SSL
A Wildcard SSL Certificate can encrypt one main domain and an unlimited number of Sub-Domains. A Sub-Domain is the segment of the URL that comes before the domain name. So for instance, let’s say our example website, www.big-company.com, has several Sub-Domains. We’ll call them:
- mail.big-company.com
- ftp.big-company.com
- login.big-company.com
In this scenario, a Multi-Domain SSL Certificate could also secure those sites, but it would be more expensive than it needed to be. It would be more cost-effective to use a Wildcard SSL Certificate in this scenario. A Wildcard SSL Certificate can secure an unlimited number of Sub-Domains, and unlike Multi-Domain certificates, you don’t have to buy SANs as you go.
Rather, during the generation process, you use an asterisk (*.big-company.com) to denote Sub-Domains will be covered and once the SSL Certificate is installed and configured properly, all Sub-Domains will be encrypted. It adds encryption to the bunch of subdomains using wildcard ssl certificate multiple level subdomains security.
Wildcard SSL Certificates also serve “future-proof” websites by ensuring that any Sub-Domains that are yet to be added can still be encrypted during the lifespan of the certificate. In order to do this, the certificate must be re-issued (which is free) and it will begin covering any subsequent Sub-Domains that have since been added.
The one drawback to Wildcard SSL Certificate is that they are not available in Extended Validation form. Whereas Multi-Domain SSL Certificates can be issued as EV, Wildcards can’t. They are still available in Organization Validation if you want Business Authentication. But no EV.
Industry’s Most Influencing Multi-Domain SSL and Wildcard SSL Certificates Comparison
| Certificate Authority | GeoTrust | GeoTrust | RapidSSL | GeoTrust |
|---|---|---|---|---|
| Product Name | True BusinessID Multi Domain | True BusinessID Multi Domain Wildcard | RapidSSL Wildcard SSL | GeoTrust Wildcard SSL |
| Domain Coverage | Multiple Domains | Multiple Domains & Sub-domains | Unlimited Sub Domains | Unlimited Sub Domains |
| Validation Require | Organization Validation | Organization Validation | Domain Validation | Basic Organization & Domain |
| Encryption Strength | 256 Bit | 256 Bit | 256 Bit | 256 Bit |
| Issuance | 1 to 3 Business Days | 1 to 3 Business Days | In Minutes | 1 to 3 Business Days |
| SAN Compatibility | Yes | Yes | No | No |
| Wildcard Support | No | Yes | Yes | Yes |
| Server Licensing | Unlimited | Unlimited | Unlimited | Unlimited |
| Warranty | 1250000 | 1250000 | 10000 | 1250000 |
| Site Seal | Dynamic | Dynamic | Static | Dynamic |
| Browser Support | 99.99% | 99.99% | 99.99% | 99.99% |
| Mobile Browser Support | Yes | Yes | Yes | Yes |
| Reissue | Unlimited | Unlimited | Unlimited | Unlimited |
| SEO Boost Up | Yes | Yes | Yes | Yes |
| 24/7 Support | Yes | Yes | Yes | Yes |
| 30 Days Refund Policy | Yes | Yes | Yes | Yes |
| 1 Year Price | $278 | $479 | $149 | $439 |
| 2 Year Price | $235 Per Year | $471 Per Year | $129 Per Year | $384 Per Year |
| Read More | Read More | Read More | Read More |
Conclusion
SAN or UCC SSL Certificate ( Multi-Domain SSL) and Wildcard SSL Certificate are two of the most versatile certificates available. And while they both share similarities, each also has its own distinctions as well. If you’re securing one main domain and a number of Sub-Domains, you’ll want to use a Wildcard. If you have multiple domain names or the same domain with multiple TLDs, then a Multi-Domain Certificate is the way to go.
There’s even a Multi-Domain Wildcard SSL Certificate —but that’s a discussion for another day. Just remember, regardless of what your portfolio of websites looks like, there’s an optimal security solution that fits it.
