What Is a Multi-Domain SSL Certificate?

If you have a website, it needs a Secure Sockets Layer (SSL) certificate for basic web security. Typically, each site should have its own SSL certificate. However, if you have multiple domains under your control, it can be worth it to use a single SSL certificate for all of them.

This is what’s called a multi-domain SSL certificate. It’s an option that can make your work drastically simpler in terms of certificate management and troubleshooting. Instead of having to keep track of multiple certificates, you can get a single one with different levels of validation.

In this article, we’ll talk about the concept of multi-domain SSL certificates and the different options you can choose from. Let’s get to it!

What Is a Multi-Domain SSL Certificate?

As the name implies, you can use a multi-domain SSL certificate for multiple websites. This type of SSL certificate is also known as a Subject Alternative Name (SAN) certificate. It can work for multiple domains and subdomains, making it a fantastic option for organizations with multi-domain portfolios.

Under typical circumstances, each domain should have one certificate. The goal of multi-domain certificates is to make it easier for organizations to validate multiple properties and to simplify SSL management (you won’t need to renew certificates one by one).

Naturally, the process for obtaining a multi-domain SSL certificate is more complicated than generating one for a single website. There are different levels of validation available depending on what type of multi-domain certificate you want, which we’ll cover in the next section.

The Different Types of Multi-Domain SSL Certificates

There are three types of multi-domain SSLs you can choose for your organization. These subject alternative name certificates vary depending on the level of domain validation you need.

The one you choose should depend on what kind of operation you’re running. To help you decide, we’ll explain the three main types of multi domain certificates and which makes sense for different scenarios.

Domain Validated (DV)

First up, let’s discuss a domain validated (DV) SSL option. This level of validation is similar to what you can expect when you obtain a free SSL certificate. In those situations, most authorities simply require you to validate ownership of the domain you want to issue the certificate for.

Domain validation is typically easy to prove. Some authorities will require you to confirm you own the email associated with the domains you want to verify. This information is available publicly online thanks to WHOIS records.

You can also prove domain ownership by using Domain Name System (DNS) validation. This type of validation involves getting a unique DNS record from the authority. Once you have the record (typically a .txt file), you’ll then need to add it to your domain’s DNS configuration and wait for the changes to update.

In either case, DV multi-domain SSL certificates tend to be easy to get, at least when compared with other validation methods. This level of validation is perfect for personal sites or small businesses, at least if you’re not a part of a large organization.

Organization Validated (OV)

Organization validation (OV) is a bit more complex than its domain validation counterpart. When you register an OV multi-domain SSL certificate, you need to validate the existence of your organization.

Depending on the registrar, this might mean they need a business ID or to be able to find your organization in a government or third-party database. Some authorities will also look for physical locations to verify that the organization is operative.

That means this process isn’t automatic and the certificate authority can take a while to validate your organization. In some cases, this period can be of up to a few days:

After validating the existence of the organization, the authority will check if you’re affiliated with it. Typically, they do this by using the business’ contact details to check if you’re authorized to request this type of certificate.

This is the type of SSL certificate you need to get if you run a large business or an organization. The requirements are more strict and the process is more involved, but this type of certificate can help you build trust with users. That’s because organization validation certificates prove to users they’re dealing with a real business and not a copycat.

Extended Validation (EV)

Extended validation (EV) is the most comprehensive type of certificate you can use to secure multiple domains for commercial entities. The term “extended” doesn’t necessarily refer to the duration of the certificate but to the process for obtaining one.

Just as with an OV certificate, EV certificates require you to be vetted by the issuing authority. The authority needs to carry out a standardized search into the organization to see if it exists (legally), if it’s currently operating, and if it has physical locations.

Due to the nature of the validation process, extended validation certificates are also among the most expensive options on the market. Moreover, the process can take anywhere from days to weeks, depending on the authority:

This type of certificate also comes with unique visual trust indicators in some browsers. EV certificates can sometimes display a green address bar alongside the traditional lock symbol that represents HTTPS.

However, due to how time-consuming the validation process can be, extended validation certificates are typically only a good option for high-profile organizations and websites. If you don’t need a rigorous validation process to protect your organization, other types of certificates are much easier to obtain.

What Is the Difference Between SAN Certificates and Wildcard Certificates?

As we mentioned, a multi-domain SAN is another name for multi-domain SSL certificates. The name SAN comes from the option to list multiple domains or “subject alternative names” in a certificate.

Wildcard certificates, on the other hand, are designed to secure a main domain and as many subdomains as needed. This can be an excellent alternative to an expensive, multi domain SSL certificate.

What’s more, quality web hosts such as SirsteveHQ, often allow you to add on wildcard certificates for an affordable price.

Additionally, with SirsteveHQ, you can search for and register your domain all in one place.

The main difference between a SAN and a wildcard certificate is that the latter only works with one domain name. You can use a multi-domain SAN for different domains, as they’re typically tied to an organization.

On the other hand, anyone can get a wildcard certificate for any type of site, as it’s a smarter option than issuing a digital certificate for each subdomain.

Conclusion

If you manage an organization with different domains and want to use a single certificate to secure them, you may want to use a multi-domain SSL certificate. You can opt for certificates with different levels of validation depending on your needs and what type of business you’re running.

Multi-domain SSL certificates can work with any of your domains. However, a wildcard certificate is also an excellent alternative. You can register as many domains as you need using SirsteveHQ and then purchase a wildcard SSL. Alternatively, you can separately seek out a certificate authority to set up a multi domain SSL certificate.

Do you have any questions about multi-domain SSL certificates? Let’s talk about them in the comments section below!