Understanding Different Certificate Types

If you’re new to the world of SSL certificates, trying to find the certificate that best suits your needs can seem like an impossible task. Use this guide to find the perfect certificate to match your needs.

Single Domain Certificates

Single domain certificates are some of the most popular certificates that we offer. Offered by all vendors (Comodo, Symantec, GeoTrust, etc.), these simple certificates will secure your domain, without any additional fuss.

With some Certificate Authorities, when generating a single domain certificate for “www.domain.com,” the certificate will secure the non-www version of the domain as well, and vice versa. (These vendors are Thawte, Comodo and Certum.)

These certificates can be generated for sub-domains as well, such as “example.domain.com”. When generating the certificate for this format, no additional sub-domains will be secured, and your certificate will be issued to the domain listed.

Wildcard Certificates

Wildcard certificates are popular among clients that need to secure multiple sub-domains for a domain. The Wildcard certificate is known throughout the industry for its unique requirement of a *, or asterisk, to be used during the generation process. Wildcard certificates are offered as DV (domain validated) and OV (organization validated).

When generating a CSR, or Certificate Signing Request, for a Wildcard certificate, your Common Name would need to be in the format, “*.domain.com”. The “*” is a placeholder. This symbol means that every sub-domain that comes before “domain.com” will be secured.

A certificate issued for “*.domain.com” will secure an unlimited number of sub-domains, such as secure.domain.com, admin.domain.com, www.domain.com, example.domain.com, etc.

Wildcard certificates can also be issued for second-level sub-domains, though there are stipulations. A certificate generated for “*.sub.domain.com” will secure an unlimited number of sub-domains for “sub.domain.com”. The certificate will not secure first-level sub-domains in this situation; it will only secure the sub-domains found before “sub.domain.com”.

Multi-Domain (SAN) Certificates

Multi-Domain and Unified Communications Certificates (UCC) protect multiple fully qualified domain names (“www.domain.com”). Certain server environments will not allow multiple certificates to be installed, so this is an easy and cost-effective solution to combat that issue. Multi-Domain certificates are offered as DV, OV, and EV (extended validation).

Multi-Domain certificates allow you to include up to 250 SANs, or Subject Alternative Names, on a single certificate. These certificates require domain validation on all of the SANs before they become active.

When inspecting a site that is secured with a Multi-Domain Certificate (or Multi-Domain Wildcard Certificate), the list of SANs included on that certificate can be viewed by anyone. We usually do not recommend these certificates to people who are covering their clients’ websites and do not want the sites to be connected to one another.

Multi-Domain Wildcard Certificates

Multi-Domain Wildcard certificates are unique in that there is nothing they cannot secure. They are often used by organizations with complicated web infrastructure. These certificates will secure up to 250 domains on a single certificate, depending on the vendor.

To generate a CSR for a Multi-Domain Wildcard, the Common Name must be a fully qualified domain name (www.domain.com). Once the CSR is submitted, you can list your SANs. Your SANs list can be composed of fully qualified domain names (www.domain.com), Wildcards (*.domain.com), or a mix of both. Multi-Domain Wildcard certificates are also able to secure multi-level sub-domains and public-facing IP addresses.
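
The coverage rules from the Wildcard and Multi-Domain Wildcard sections can be checked before ordering. The following is an added example, not code from this article or any vendor: it tests hostnames against a SAN list using the single-label wildcard rule that clients apply (RFC 6125). The function names, the SAN list and the hostnames are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def san_matches(san, host):
    """True if a single SAN entry covers host (left-most-label wildcard only)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if _is_ip(san) or _is_ip(host):
        # IP entries match by exact address only, never through a wildcard.
        return (_is_ip(san) and _is_ip(host)
                and ipaddress.ip_address(san) == ipaddress.ip_address(host))
    san_labels, host_labels = san.split("."), host.split(".")
    if len(san_labels) != len(host_labels):
        return False  # "*" stands for exactly one label, so depth must be equal
    if san_labels[0] == "*":
        # Simplification: require at least "*.name.tld" and a non-empty host label.
        return (len(san_labels) >= 3 and "*" not in san[1:]
                and bool(host_labels[0]) and san_labels[1:] == host_labels[1:])
    return "*" not in san and san_labels == host_labels

def coverage(sans, hosts):
    """Map each host to the first SAN entry that covers it, or None."""
    return {h: next((s for s in sans if san_matches(s, h)), None) for h in hosts}

# Constructed SAN list mixing an FQDN, wildcards and an IP address.
SANS = ["www.domain.com", "*.domain.com", "*.sub.domain.com", "203.0.113.10"]
# Constructed hostnames to check against it.
HOSTS = ["www.domain.com", "admin.domain.com", "domain.com",
         "a.sub.domain.com", "a.b.sub.domain.com", "203.0.113.10", "203.0.113.11"]

if __name__ == "__main__":
    for host, san in coverage(SANS, HOSTS).items():
        print(f"{host:22} {'covered by ' + san if san else 'NOT covered'}")
```

Under this rule the bare “domain.com” is covered only if it is listed as its own SAN, and each deeper level of sub-domain needs its own wildcard entry.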

Once generated, the Multi-Domain Wildcard certificate will be installed as a single certificate to your server. This can be very helpful when you are trying to secure multiple domains. Unfortunately, this also means that if the time comes to alter the information on the certificate (such as adding another domain), all domains must be re-validated before the certificate goes active again.

If you have any questions, or need help determining which certificate is for you, feel free to contact our support team.
