Understanding Different Certificate Types

If you’re new to the world of SSL certificates, trying to find the certificate that best suits your needs can seem like an impossible task. Use this guide to find the perfect certificate to match your needs.

Single Domain Certificates

Single domain certificates are some of the most popular certificates that we offer. Offered by all vendors (Comodo, Symantec, GeoTrust, etc.), these simple certificates will secure your domain, without any additional fuss.

With some Certificate Authorities, when generating a single domain certificate for “,” the certificate will secure the non-www version of the domain as well, and vice versa. (These vendors are Thawte, Comodo and Certum.)

These certificates can be generated for sub-domains as well, such as “”. When generating the certificate for this format, no additional sub-domains will be secured, and your certificate will be issued to the domain listed.

Wildcard Certificates

Wildcard certificates are popular among clients that need to secure multiple sub-domains for a domain. The Wildcard certificate is known throughout the industry for its unique requirement of a *, or asterisk, to be used during the generation process. Wildcard certificates are offered as DV (domain validated) and OV (organization validated).

When generating a CSR, or Certificate Signing Request, for a Wildcard certificate, your Common Name would need to be in the format, “*”. The “*” is a placeholder. This symbol means that every sub-domain that comes before “” will be secured.

A certificate issued out for “*” will secure an unlimited amount of sub-domains, such as,,,, etc.

Wildcard certificates can also be issued for second-level sub-domains as well, though there are stipulations. A certificate generated for “*” will secure an unlimited amount of sub-domains for “”. The certificate will not secure first level sub-domains in this situation; it will only secure the sub-domains found before “”.

Wildcard SSL Support Domain Names

Multi-Domain (SAN) Certificates

Multi-Domain and Unified Communications Certificates (UCC) protect multiple fully qualified domain names (“”). Certain server environments will not allow multiple certificates to be installed, so this is an easy and cost-effective solution to combat that issue. Multi-Domain certificates are offered as DV, OV, and EV (extended validation).

Multi-Domain certificates allow you to include up to 250 SANs, or Subject Alternative Names with a single certificate. These certificates require domain-validation on all of the SANs before they become active.

When inspecting a site that is secured with a Multi-Domain Certificate (or Multi-Domain Wildcard Certificate), the list of SANs included on that certificate can be viewed by anyone. We usually do not recommend these certificates to people who are covering their client’s websites, and do not want the sites to be connect to one another .

Different types of SSL/TLS Certificates

Multi-Domain Wildcard Certificates

Multi-Domain Wildcard certificates are unique in the fact that there is nothing it cannot secure. The Multi-Domain Wildcard certificates are often used for organizations with complicated web-infrastructure. These certificates will secure up to 250 domains on a single certificate, depending on the vendor.

To generate a CSR for a Multi-Domain Wildcard, the Common Name must be a fully qualified domain name ( Once the CSR is submitted, you can list your SANs. Your SANs list can be composed of fully qualified domain names (, Wildcards (*, or a mix of both. Multi-Domain Wildcard certificates are also able to secure multi-level sub-domains and public-facing IP addresses.

Once generated, the Multi-Domain Wildcard certificate will be installed as a single certificate to your server. This can be very helpful when you are trying to secure multiple domains. Unfortunately, this also means that if the time comes to alter the information on the certificate (such as adding another domain), all domains must be re-validated before the certificate goes active again.

If you have any questions, or need help determining which certificate is for you, feel free to contact our support team.

  • 0 Users Found This Useful
     Was this answer helpful?

Related Articles

 What is the Difference Between SHA-2 and SHA-2-Full-Chain

While you’re generating your SSL/TLS Certificate you may see an option to select a from 2 different hashing algorithms. You’re given a choice between SHA-2 and FULL SHA-2. SHA-2 is also sometimes referred to as SHA-256. But what’s the difference,...

 How to Check a Certificate’s Expiration Date (Chrome)

Get certificate information on any website in just a few clicks. Checking your SSL certificate’s expiration date on Google Chrome is fairly easy. Depending on which version of Chrome you’re running, it can be done within just a few clicks. Here’s...

 Troubleshooting Insecure Content

One of the most common issues site owners run into when installing and SSL certificate and migrating to HTTPS is Insecure Content. This error is produced when content on a secure website is being loaded through a non-secure source. An example...

 Troubleshooting a Name Mismatch in Web Browser

A Name Mismatch in the Web Browser occurs when the common name listed on an SSL certificate doesn’t match the name displayed in the URL bar. In order for an encrypted connection to commence, both the name on the certificate and the name in the URL...

 Explaining the Chain of Trust

A brief overview of PKI (Private Key Infrastructure) and why your certificate is trusted. One of the most common questions we field is in relation to the “Chain of Trust.” If you’ve ever had any questions about roots, intermediates or how SSL...

Powered by WHMCompleteSolution