There was a time when a website’s security was not very important. Nowadays, though, website security is of the utmost importance for visitors, and even more important for buyers. People need to trust a website before they give it sensitive data such as credit card info and passwords. Earning your visitors’ trust is about to become even more difficult, as many browsers are planning, among other things, to feature safety warnings right next to any insecure site that handles passwords or credit cards. This way, people won’t even have to see a website to know that it is not secure. Naturally, this makes encryption and validation almost obligatory for any website that wants to have visitors.
Generally, a domain name or URL requires just one certificate to be secure. But what if you need to secure multiple domains? How can you manage their security without sacrificing budget and time?
This article explains what Multiple Domain certification is, how it works and when it is needed.
Securing Multiple Domains
Securing multiple domains can be achieved with two approaches: Wildcard certificates and Unified Communications Certificates (UCC), also known as SAN (Subject Alternative Name) certificates. SAN lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, while a Wildcard certificate can support a single domain and an unlimited number of first-level subdomains. SAN/UCC can also be combined as an extension with a Wildcard to add functionality to the certificate. Depending on your needs, you can combine these two certificates as a Multi-domain Wildcard SSL Certificate. This makes managing the security of multiple websites much easier and cheaper than managing a separate SSL certificate for every domain you own.
Benefits of using SAN
- Easy to manage: SAN certificates require a CSR to be issued only for the main domain name of the certificate and not for every domain name or service that might be added later. This allows you to manage every domain name through a single certificate.
- Unique dedicated IP: Unlike other certificates that require a dedicated IP for every domain name, SAN certificates allow for the usage of a single IP for all the services that are going to be featured.
- Value increase: SAN certificates can add a great amount of value to your services thanks to their almost 100% compatibility rate with browsers and mobile browsers and the high standards for their issuance (full organization validation).
- Cost saving: In contrast to buying separate certificates, a SAN SSL’s ability to support up to 100 different host names drastically reduces the cost for certification.
Do you need a Multi-Domain Certificate?
Going for a SAN certificate is recommended when you need to secure multiple services with different root names. Wildcard certificates have a similar but fundamentally different function. The difference between the two is that a Wildcard certificate can be issued for only one unique root name (e.g. *.mydomain.com) and used for any number of sub-domains that are based on that root (e.g. ftp.mydomain.com, blog.mydomain.com, etc.). Therefore, if you need to secure unique FQDNs that correspond to different root names, then SAN is the best solution.
Some examples of unique FQDNs being used:
- If you are offering Shared Hosting services and are interested in securing multiple guest domain names.
- If you are making quality assurance checks for different domain names.
- If you offer application services (ASP) to multiple clients and every client uses their own unique domain name.
- If you are using, for your organization/company, public and private services with different root names and need to secure them.
- If you are using Microsoft Exchange Servers and Microsoft Lync Servers for mailing, VOIP and instant messaging services.
SAN certificates have some restrictions around their issuance and usage. Specifically:
- The SSL is issued only for the central domain name of the certificate and not for all the domain names that will be supported by it. For this reason, the seal that comes with the certificate can only be activated through the main domain name, and not for the other SAN names.
- All SAN SSLs require full organization authentication, meaning that they have a very strict certification process. For this reason, these SSLs guarantee the highest level of security that a certificate can provide.
One of the most important characteristics of SAN certificates is their high compatibility rate with browsers, servers and email clients.
More specifically, they are very compatible with:
- Web Browsers (e.g. Mozilla, IE, Opera, etc.)
- Micro Browsers (e.g. Netfront, Palm/Handspring Blazer, Microsoft IE Pocket PC, etc.)
- Email Clients (e.g. Mozilla Thunderbird 1.0, etc.)
- Application Clients and Servers (e.g. Sun J2SE, IBM WebSphere Micro Environment, etc.)
- Web Servers (e.g. Apache, Hsphere, Plesk, cPanel, etc.)
- Mail Servers (Microsoft Exchange 2007/2010, etc.)
Thanks to their nearly global recognition by devices (portable or not) like PDAs, Smartphones and many others, the user no longer needs to install a root certificate in every device separately.
How does a Multi-Domain Certificate Work?
Multi-domain certificates are just like regular SSL certificates. They offer exactly the same type and quality of encryption, they come in Domain, Organization and Extended Validation, and are recognized by almost all devices.
There is only one key difference. They have a SAN extension that specifies all the domain names that are covered by the certificate. You can even view those names if you click on the padlock on an https page and go to the details tab of the certificate. In the “Subject Alternative Name” field you will find a list of all the names covered by that particular certificate.
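How a client decides whether a name in the “Subject Alternative Name” field covers the host it connected to, and why a Wildcard entry and a plain SAN entry cover different sets of hosts, shown as an added example that is not part of the original article. It is a simplified Python matcher following the RFC 6125 wildcard rules; the certificate name lists and all hostnames other than the article's mydomain.com examples are constructed.

```python
# Added example: which hostnames a certificate's SAN dNSName entries cover.
# Simplified RFC 6125 rules; all name lists below are constructed samples.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName entry covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # "*" stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard must be the whole left-most label, above a registered
        # name (at least "*.domain.tld"); the remaining labels are literal.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # partial wildcards such as "f*.x.com" stay literal


def covering_entry(san_names, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in san_names:
        if name_matches(entry, hostname):
            return entry
    return None


def uncovered(san_names, hostnames):
    """Hostnames that would trigger a name-mismatch warning."""
    return [h for h in hostnames if covering_entry(san_names, h) is None]


# Constructed SAN lists for the three certificate types the article names.
WILDCARD = ["*.mydomain.com"]
MULTI_DOMAIN = ["mydomain.com", "www.mydomain.com",
                "shop.example.net", "mail.example.org"]
MULTI_DOMAIN_WILDCARD = ["mydomain.com", "*.mydomain.com", "*.example.net"]

# Constructed hostnames an operator might want to serve over HTTPS.
HOSTS = ["blog.mydomain.com", "ftp.mydomain.com", "mydomain.com",
         "a.blog.mydomain.com", "shop.example.net", "mail.example.org"]

if __name__ == "__main__":
    for label, sans in [("wildcard", WILDCARD),
                        ("multi-domain", MULTI_DOMAIN),
                        ("multi-domain wildcard", MULTI_DOMAIN_WILDCARD)]:
        print(f"{label}: not covered -> {uncovered(sans, HOSTS)}")
```

Running the same check against the name list of a certificate before it is ordered or renewed shows which hosts would be left with a browser name-mismatch warning.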
Selecting the right Multi-Domain Certificate
Even though SSL certificates are standardized, their issuers can have vast differences. When shopping for a multi-domain certificate, there are a few things you should keep in mind.
- Brand name matters: If you are an e-commerce site, you just cannot afford to go for a less reputable company just to save some money on the certificate. Customers and partners will care, and they will actively look into your certificate to make sure you are taking their safety seriously. Look for a solid, reputable company.
- Know what you need: Different certificates allow for different numbers of domains to be supported. Plan how many domain names you will need and don’t buy any less than that. Also, don’t buy much more than that as you will just be throwing your money away.
- Think ahead: Look into all the nuances of each certificate. How easy is it to modify the domain name list? How easy is it to maintain the certificate without needing help from the company? Make sure you will not regret your choice later on.
- Validation type: Your certificate’s type of validation is crucial no matter what you are doing, but even more so if you are securing publicly facing webpages. The web face of a company must inspire trust in potential clients and the best way to do that is an Extended Validation certificate, since it offers the most thorough verification process. If your site collects information, especially credit card info, then you most likely need an EV certificate for your visitors to trust you.
Security made simpler
Instead of buying and managing separate SSL certificates for every domain name, you can get a SAN certificate that costs less and allows for much easier management, therefore saving time. Any job that requires you to secure multiple domains, servers, IP addresses or other environments can be made vastly easier by using Multi-Domain certificates.