There was a time when we needed to purchase separate SSL certificates for all our websites and subdomains. This used to result in a significant amount of administrative work and cost. Fortunately, that’s not the case anymore. Today we have products like wildcard SSL certificates and Multi-Domain (SAN/UCC) certificates to help to secure all sub-domains and multiple different domains with a single certificate.
However, the thing is that many people don’t understand the difference between these both products and where each of these products should be used. Therefore, in this article we’re going to do the same – understanding the difference between wildcard and Multi-Domain (SAN) SSL certificates and where each of them should be used. Let’s begin:
Multi-Domain SSL and Wildcard SSL : The Difference
Wildcard SSL certificates allow you to protect multiple sub-domains with a single certificate. For example, you can purchase one wildcard certificate for your website example.com and that certificate will protect login.example.com, blog.example.com and so on.
Multi-Domain SSL certificates also known as SAN or UCC certificates that allow you to protect multiple different domain names with a single certificate. For example, you can get a SAN certificate for example.com and that certificate can be used to protect example1.com.au, example2.co.uk and so on. You just need to add the SAN entries of all your domains to the SAN certificate while generating it, and the certificate generated with those entries will protect all your desired domains.
Wildcard SSL vs Multi-Domain SSL – Benefits & Limitations
Both these types of certificates have their own advantages and limitations. Here we’ll try to explore those benefits and limitations in greater detail:
|Wildcard SSL Certificate||Multi-Domain SSL Certificate|
|Benefits of Wildcard Certificates||Benefits of Multi-Domain (SAN) certificates|
|Wildcard character (*) just before fully qualified domain name allows protection of unlimited sub-domains that makes it more flexible solution for webmasters.||Multi-Domain SAN certificates are intended to protect multiple domains/sub-domains with a single certificate. As you can expect, this leads to easy maintenance and reduced administrative costs.|
|The main advantage of wildcard certificates is that maintaining them is very easy. That is because you need to manage one certificate only for all your present and future sub-domains. This leads to less administrative cost.||It can protect different domain names like example1.com, example2.org, mail.exmaple3.com, shop.online.exmaple4.com, example99.com. where each domain names are count as separate SAN names.|
|You can add new sub-domains during certificate lifespan without updating or reissuing your certificate.|
|Limitations of Wildcard Certificates||Limitations of Multi-Domain SAN certificates|
|A major limitation of wildcard certificates is that they can protect sub-domains at one specific domain level only. For example, you can protect sub.example.com, domain. example.com or other similar sub-domains with a wildcard certificate generated for example.com, but that certificate won’t work for sub.example2.com, login.sub.example.com or any other sub-domain that’s more than one level away from the root domain.||There’s a limit on how many domains you can protect with these certificates. Majority certificate authorities in the market won’t allow you to protect more than 250 domains. Some of them come with even more restrictions and allow protecting up to 25 domains only. That’s not too much of a problem though, because unless you’re running a huge enterprise, you won’t need to create more than 250 different domains.|
|Most Multi-Domain SSL certificate prices include the limited number of SAN entries, you need to pay extra for additional SAN licenses.|
When to Use Wildcard Certificates and Multi-Domain SSL?
If all you need is an SSL certificate that can protect your root domain and all its subdomains then a Wildcard SSL certificate is the best option for you. With wildcard certificates, you do not need to define the subdomains at the time of purchasing your certificate. Just provision the certificate for your root domain with an asterisk (*) in the beginning, and it’ll work for all your existing as well as future subdomains. No reissue will be required when you create a new sub-domain.
On the other hand, if you need protection for multiple domain names then a SAN certificate is the best way to protect all of them. For this certificate to work, however, you’ll need to define all your desired domain names at the time of certificate generation. And whenever you want to protect a new domain name, you’ll have to get your SAN certificate reissued with SAN entry of your new domain name along with entries of existing domain names.
One common use case of Multi-Domain SAN certificates is to protect the alternative domain names of a brand. For example, if your website address is domain.com but you also own domain.org and domain.net for brand protection, you can use a SAN certificate to protect all these domains.
Comodo Multi-Domain SSL
|Algorithm||SHA-2 Enabled||SHA-2 Enabled|
|Search Engine Visibility||SSL will boost Google rankings||SSL will boost Google rankings|
|Validation Type||Domain Validation – DV||Domain Validation – DV|
|Issuance Time||15 minutes or less||15 minutes or less|
|Domains Secured||Secure up to 100 domains||Unlimited subdomains|
|SSL Encryption||up to 256-bit||up to 256-bit|
|Green Browser Bar||No||–|
|Mobile & smartphone support||99%||99%|
|Client OS compatibility||99%||99%|
|Includes Malware Scan||No||–|
|Includes Trust Seal||Yes||–|
|SSL Reissuance||unlimited during certificate lifespan||unlimited during certificate lifespan|
|Warranty||$10,000 USD||$10,000 USD|
|Refund Policy||30 Day full money back||30 Day full money back|
While Multi-Domain SAN certificates allow us to protect multiple domains as well as subdomains with a single certificate, wildcard certificates help us achieve that with subdomains only. However, wildcards do not put a limit on how many subdomains we can protect with them, while Multi-Domain SAN certificates do. But that doesn’t make any of these two certificate types superior from each other – each of them has its own use cases, and that should be understood carefully before choosing either of these products for website protection. You should choose either of these products based on your current and future requirements.