SSL certificates can also be differentiated based on the number of domains or subdomains they protect. The different types of SSL certificate on this bases are — Standard, Wildcard, and Multi-Domain/ SAN/ UCC. You may use this guide to find the perfect certificate to match your needs.
Single Domain Certificates
This is the most basic package. These simple certificates will secure a single fully qualified domain name (FQDN) with no additional subdomains. For example, it can only secure .domain.com, nothing else. It is most suitable for website owners with a single website and no subdomains within that website.
With some Certificate Authorities, when generating a single domain certificate for “www.domain.com", the certificate will secure the non-www version of the domain as well, and vice versa.
Wildcard Certificates
Can simultaneously secure multiple subdomains within a single FQDN. For example, if you have a domain called .domain.com, it can also secure login.domain.com, payment.domain.com, admin.domain.com and marketing.domain.com. It is most suitable for website owners with a single primary domain but various subsets and subdomains within that.
Wildcard certificates offer full encryption for the subdomains, making them an affordable and effective solution for most websites. In order to secure the various subdomains, you have to add an asterisk (*) before the primary domain name. The “*” is a placeholder. This symbol means that every sub-domain that comes before “domain.com” will be secured. For example, you have to enter *.domain.com when purchasing the certificate.
Wildcard certificates can also be issued for second-level sub-domains as well, though there are stipulations. A certificate generated for “*.sub.domain.com” will secure an unlimited amount of sub-domains for “sub.domain.com”. The certificate will not secure first level sub-domains in this situation; it will only secure the sub-domains found before “sub.domain.com”.
Multi-Domain Certificates
Also known as Subject Alternative Name Certificates (SAN) and Unified Communication Certificate (UCC). They allow a single certificate to secure multiple domains, including sub-domains of a single main domain name or entirely different domain names. They allow you to include up to 250 SANs, or Subject Alternative Names with a single certificate. The Unified Communications type is designed for the Microsoft Exchange and Microsoft Office Communication Server environments. These certificates require domain-validation on all of the SANs before they become active. It is most suitable for large businesses and organizations with several websites, all with their own set of subdomains.
Multi-Domain (SAN) Certificates provide a convenient option for organizations that own a lot of domains and are looking for a simplified way to secure them through a single solution rather than purchasing an individual certificate for each. Certain server environments will not allow multiple certificates to be installed, so this is also an easy and cost-effective solution to combat that issue. For example, it can secure .domain.com, .domain.org, .website.com, .website.org, and all of their subdomains.
When inspecting a site that is secured with a Multi-Domain Certificate, the list of SANs included on that certificate can be viewed by anyone. We usually do not recommend these certificates to those who are covering their client’s websites, and do not want the sites to be connect to one another.
|