Jan 11, 2019 David Mizell Introduction-To

Which type of certificate is right for me?

So, you want a single certificate to cover multiple sites. Which type of certificate should you purchase? The type will depend on a number of variable including the number of sites, the number of base domains, what sub domains of the base domains are to be covered and also financial considerations and your company’s IT policies.

Multi-domain SAN SSL certificates

If you want to cover more than one registered base domain on a single certificate, such as yahoo.com and microsoft.com, then your only choice is a multi-domain SAN certificate. We offer several multi-domain SAN certificates both with and without EV features. Each certificate can cover up to 100 sites, from any registered domain name that you own, on the same certificate. Each individual site must be listed as either the Common Name (CN) or a SAN on the certificate.

See the multi-domain SAN certificates we currently offer from GeoTrust, Comodo and Symantec.

Pros
  • Secure up to 100 sites from any registered base domain on a single certificate.
  • Lower certificate management costs.
  • Add or change SAN names by purchasing additional SANs throughout the life of the certificate.
Cons
  • Each Site must be listed separately.
  • Certificate with more than 25 SANs may be difficult to administer.
  • Can get expensive.
Considerations
  • A single key pair used by more than one server can conflict with a Company’s IT Policies as it presents the potential for a single point of failure affecting multiple servers.

Wildcard SSL Certificates

A Wildcard certificate will cover any sub domain at a single level for a single registered base domain. The “*” in the Common Name (CN) of a wildcard certificate represents the variable. It is the single variable for the certificate.

Example: a Common Name of *.hawaii.com

Will secure...

hawaii.com
www.hawaii.com
maui.hawaii.com
oahu.hawaii.com
blog.hawaii.com
www.hawaii.com
big-island.hawaii.com

Will not secure...

maui.hawaii.net (different TLD)
big.island.hawaii.com (too many subdomains)
aloha.visit-hawaii.com (different domain)

DV vs OV Wildcard Certificates

We offer both Domain Validated (DV) wildcard certificates and Organization Validated (OV) wildcard certificates. The OV wildcard certificates include the organization name on the certificate (e.g., Gotham Books, Inc.) and are vetted by both validating the organization is registered and in good standing with the local registration authority and a full time employee of the organization has verified that the organization is indeed purchasing the certificate.

A DV certificate does not include any organization information and simply represents that a party that passed Domain Control Validation purchased the certificate but does not state who that party is. DV Certificates are approved via a simple email or DNS posting while OV certificate also require the organization validation and verification to be completed manually. DV certs are easier to get and can be issued within just minutes.

See the DV and OV wildcard certificates we currently offer from GeoTrust, Comodo and Symantec.

Pros
  • Secure unlimited sites from a single registered base domain at a single sub domain level.
  • Add new sites without having to reissue the cert.
  • Sites do not have to be separately listed.
Cons
  • Will only cover sites at the sub domain listed as the variable in the certificate name.
  • Base domain is covered as a SAN only for first level sub domain wildcard certificates.
  • Expensive.
Considerations
  • A Single DV w/SANs certificate will cover up to 5 sub domains for much less than the cost of a Wildcard and does not limit the SANs to a single sub domain.
  • A single key pair used by more than one server can conflict with a Company’s IT Policies as it presents the potential for a single point of failure affecting multiple servers.

Standard DV SSL w/SANs Certificates

The Standard DV SSL w/SANs Certificate will cover the Common Name plus up to 4 additional subdomains of the same base domain. This is our top selling certificate. The certificate is Domain Validated (DV) meaning it is approved via a simple email or DNS posting and does not carry any organization information.

Tip: If the Common Name on the certificate is for a first level sub domain such as www.domain.com or online.domain.com then the base domain of domain.com will be covered as a free SAN and not count toward the 4 additional SANs. SAN names can be from any subdomain level of the base domain and can be changed at any time during the life of the certificate.

Pros
  • Secure up to 5 sites from a single registered base domain at any sub domain level.
  • Issued quickly with simple approval process.
  • SANs can be changed throughout the life of the certificate.
  • Inexpensive and easy to get.
Cons
  • Will only cover sites that have the same base domain.
  • Does not include organization information.
  • Cannot expand beyond 4 SANs.
Considerations
  • Two Standard DV w/SANs certificates will cover up to 10 sub domains of the same base domain at any level for less than the cost of a wildcard certificate.
  • A single key pair used by more than one server can conflict with a Company’s IT Policies as it presents the potential for a single point of failure affecting multiple servers.

We currently offer one Standard DV SSL w/SANs certificate.

Additional Resources