Knowledgebase

Understanding Different Certificate Types

If you’re new to the world of SSL certificates, trying to find the certificate that best suits your needs can seem like an impossible task. Use this guide to find the perfect certificate to match your needs.

Single Domain Certificates

Single domain certificates are some of the most popular certificates that we offer. Offered by all vendors (Comodo, Symantec, GeoTrust, etc.), these simple certificates will secure your domain, without any additional fuss.

With some Certificate Authorities, when generating a single domain certificate for “www.domain.com,” the certificate will secure the non-www version of the domain as well, and vice versa. (These vendors are Thawte, Comodo and Certum.)

These certificates can be generated for sub-domains as well, such as “example.domain.com”. When generating the certificate for this format, no additional sub-domains will be secured, and your certificate will be issued to the domain listed.

Wildcard Certificates

Wildcard certificates are popular among clients that need to secure multiple sub-domains for a domain. The Wildcard certificate is known throughout the industry for its unique requirement of a *, or asterisk, to be used during the generation process. Wildcard certificates are offered as DV (domain validated) and OV (organization validated).

When generating a CSR, or Certificate Signing Request, for a Wildcard certificate, your Common Name would need to be in the format, “*.domain.com”. The “*” is a placeholder. This symbol means that every sub-domain that comes before “domain.com” will be secured.

A certificate issued out for “*.domain.com” will secure an unlimited amount of sub-domains, such as secure.domain.com, admin.domain.com, www.domain.com, example.domain.com, etc.

Wildcard certificates can also be issued for second-level sub-domains as well, though there are stipulations. A certificate generated for “*.sub.domain.com” will secure an unlimited amount of sub-domains for “sub.domain.com”. The certificate will not secure first level sub-domains in this situation; it will only secure the sub-domains found before “sub.domain.com”.

Wildcard SSL Support Domain Names

Multi-Domain (SAN) Certificates

Multi-Domain and Unified Communications Certificates (UCC) protect multiple fully qualified domain names (“www.domain.com”). Certain server environments will not allow multiple certificates to be installed, so this is an easy and cost-effective solution to combat that issue. Multi-Domain certificates are offered as DV, OV, and EV (extended validation).

Multi-Domain certificates allow you to include up to 250 SANs, or Subject Alternative Names with a single certificate. These certificates require domain-validation on all of the SANs before they become active.

When inspecting a site that is secured with a Multi-Domain Certificate (or Multi-Domain Wildcard Certificate), the list of SANs included on that certificate can be viewed by anyone. We usually do not recommend these certificates to people who are covering their client’s websites, and do not want the sites to be connect to one another .

Different types of SSL/TLS Certificates

Multi-Domain Wildcard Certificates

Multi-Domain Wildcard certificates are unique in the fact that there is nothing it cannot secure. The Multi-Domain Wildcard certificates are often used for organizations with complicated web-infrastructure. These certificates will secure up to 250 domains on a single certificate, depending on the vendor.

To generate a CSR for a Multi-Domain Wildcard, the Common Name must be a fully qualified domain name (www.domain.com). Once the CSR is submitted, you can list your SANs. Your SANs list can be composed of fully qualified domain names (www.domain.com), Wildcards (*.domain.com), or a mix of both. Multi-Domain Wildcard certificates are also able to secure multi-level sub-domains and public-facing IP addresses.

Once generated, the Multi-Domain Wildcard certificate will be installed as a single certificate to your server. This can be very helpful when you are trying to secure multiple domains. Unfortunately, this also means that if the time comes to alter the information on the certificate (such as adding another domain), all domains must be re-validated before the certificate goes active again.

If you have any questions, or need help determining which certificate is for you, feel free to contact our support team.

  • 0 Users Found This Useful
     Was this answer helpful?

Related Articles

 All About Private Keys

Your private key is the single most important component of your SSL certificate. It’s what gives you the power to authenticate your website to internet users, helps to enable encryption and prevents others from impersonating you. You’re going to...

 What is Certificate Transparency

Why logging SSL certificates makes the internet safer Certificate Transparency is a mechanism used to publicly log SSL certificates, this helps website owners and watchdogs detect mis-issuance. Of all the threats facing the SSL industry,...

 Explaining the Chain of Trust

A brief overview of PKI (Private Key Infrastructure) and why your certificate is trusted. One of the most common questions we field is in relation to the “Chain of Trust.” If you’ve ever had any questions about roots, intermediates or how SSL...

 Understanding Hash Functions

Maybe now you’ll finally understand the name of our blog Hashing is simply the practice of using an algorithm to map data of any length to a fixed-length output. It’s useful in a number of ways and plays a role in several different types of...

 SSL Frequently Asked Questions

Have Questions? We’ve Got Answers. Get all the help you need from our friendly SSL experts. Sales/Order Processing Why are we cheaper? We are a very important Symantec & Comodo Platinum Partner and we purchase SSL certificates in extremely...

Powered by WHMCompleteSolution