Here is All You Need to Know to Secure Your Subdomain With SSL

Updated on February 14, 2024

Given that you are already looking to protect your subdomain with an SSL certificate, we assume that you are well versed in the benefits of SSL protection and how it helps to gain the trust of your customers and other site visitors.


So, we will jump right into the subject of how to use SSL certificates for subdomains. Not only that, but we will also touch upon the subject of multiple top-level domains, so you know the difference.

It may sound complicated, but we will make it easy. There are solutions you can use, so you do not have to get a separate SSL certificate for every domain and subdomain you own or manage. You can use the same SSL certificate to cover multiple domains and subdomains, which saves you money and makes it easier for you to manage your internet security.

This is a boon for businesses that like keeping their systems and processes streamlined for ease of operations and gaining the best possible efficiencies. Imagine being a large corporation with 100s, if not 1000s, of domains and subdomains, and having to manage a separate SSL certificate for each of them. You would need dedicated staff just for managing your SSL certificates!

The good news is that it is not difficult to secure multiple domains. There are numerous options to choose from. We will cover them all here, so you have the background to make an informed choice that aligns with your long-term goals. 

Before we get to multi-domain SSL certificates, let us first quickly summarize how SSL encryption works.

SSL Encryption


Before we start, note that SSL encryption works the same way for all kinds of SSL certificates, so you do not have to be concerned about getting better or worse SSL encryption quality when picking the SSL certificate to fit your needs. If you get your SSL certificate from a trusted CA (Certificate Authority), your site visitor’s information will be protected.

When a user’s browser (or the client agent) connects with a website (or webserver) that has an SSL certificate installed, the two parties carry out what is called an SSL handshake. This handshake sets up the mechanism so that both parties can encrypt (or encode) the data before putting it on the communication channel. The other side can decrypt (or decode) the information once it receives it.

All data is scrambled during transmission so that even if a hacker were to insert themselves between the two parties and intercept the communication (called MITM or Man in the Middle attack), they would not be able to make sense of the information. Hence they will not be able to use the data they’ve collected for their malicious designs.

During the data exchange process, the client agent will check if the SSL certificate presented by the website is valid. Once the web server’s authenticity has been established, a secure connection will be activated using the server’s private key and the client’s public key. This results in the creation of a session key, which is used to keep the entire communication secure. The handshake establishes the mechanism that safeguards the user information during data exchange while they browse your site.

Now that you have the basics of SSL encryption, let us jump into the wildcard and multi-domain SSL certificates and see how they differ.

Types of Multi-Domain SSL Certificates

You have these options to pick from when considering an SSL certificate to cover multiple domains/subdomains:

  1. Multi-domain or SAN certificate
  2. Unified communication certificate (UCC)
  3. Wildcard SSL certificate
  4. Multi Domain Wildcard certificate

The way you decide on the right SSL certificate for your multi-domain or subdomain needs depends on factors such as your operating environment, whether you plan on expanding into more subdomains in the coming months or years, etc. 

Multi-domain Wildcard Certificate

SAN stands for Subject Alternative Name. In the context of a multi-domain wildcard SSL certificate, it is a field that allows multiple hostnames and subdomains in a single SSL certificate. The field can hold several kinds of names, but the most used form is DNS (Domain Name System) names.

When an internet user accesses a site secured using a multi-domain wildcard SSL certificate, the web browser first checks that the hostname in the URL matches at least one of the SAN names included in the multi-domain wildcard SSL certificate. Only if this validation step succeeds is a secure connection established with the webserver. A multi-domain wildcard certificate allows you to secure an unlimited number of subdomains at different levels with the help of the asterisk (*).

For instance, if you wanted to provide SSL protection to all your domains and subdomains for your leading sites *.mydomain.com and *.mydomain.nz, your SAN SSL certificate may have the following entries in its extensions section:

  • DNS Name=www.mydomain.com
  • DNS Name=mydomain.com
  • DNS Name=sub.mydomain.com
  • DNS Name=mydomain.nz
  • DNS Name=sub.mydomain.nz
  • DNS Name=*.mydomain.com
  • DNS Name=*.mydomain.nz

Before making your final buying decision, check with your SSL certificate provider how many domains and subdomains their multi-domain wildcard SSL certificate can cover.

This is perfect for you if you have a presence in multiple countries and have a dedicated domain catering to each geographic location. And of course, you stand to gain from the ease of SSL certificate management with things such as renewals and keeping site security updated.

Unified Communication Certificate (UCC)

Unified communications certificates serve the same purpose as multi-domain/SAN certificates. Also called Microsoft Exchange SSL certificates, these are geared towards office environments that make heavy use of Microsoft Exchange and Office Communications. 

Just like multi-domain wildcard SSL certificates, UCC also makes use of SAN extensions to cover multiple domains or subdomains. Check with your SSL certificate provider on how many domains/subdomains their Unified communications certificates can include. With a UCC, you need to list in the certificate every domain name that needs to be secured, whereas a multi-domain wildcard certificate does not need each subdomain specified separately.

If you are a Microsoft shop that relies on Microsoft Exchange and Office Communications for running many sites, domains, and subdomains, UCC may be your best choice for SSL protection.

Wildcard SSL certificate


Wildcard SSL certificates are slightly different compared to the ones we discussed above in the sense that they do not cover multiple domains. Instead, they are used for securing multiple subdomains of a single domain – so they are more like Wildcard SSL for a subdomain.

Say you buy a wildcard SSL certificate for *.mydomain.com: it will automatically extend the SSL protection to your subdomains, for instance mail.mydomain.com, blog.mydomain.com, shop.mydomain.com, and so on. However, this SSL certificate cannot be extended to cover mydomain.nz or mydomain.net – you will need to work out a different SSL certificate scheme for them.

Wildcard SSL certificates are best suited for situations where you may need to add more subdomains in the future and do not want to get a new SSL certificate whenever you do so. A wildcard certificate will automatically cover the new subdomains, and there is no need to list them in the certificate at the time of purchase.

You can use Wildcard SSL for subdomain certificates in conjunction with multi-domain/SAN and UCC certificates to cover all your online domains.
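The SAN check described in the multi-domain wildcard section and the wildcard coverage described here can be tested against a hostname inventory before you buy or renew. The following is an added example, not code from the original article: it applies the single-label wildcard rule (RFC 6125) that browsers use to the article's sample SAN list, and shows that *.mydomain.com covers neither the bare mydomain.com nor a deeper name such as api.eu.mydomain.com. The function names and the inventory hostnames are assumptions made for illustration.

```python
# Added example: SAN coverage check using the single-label wildcard rule
# (RFC 6125). SAN_ENTRIES is the article's sample list; the inventory in
# the demo at the bottom is constructed for illustration.
from __future__ import annotations

SAN_ENTRIES = [
    "www.mydomain.com", "mydomain.com", "sub.mydomain.com",
    "mydomain.nz", "sub.mydomain.nz", "*.mydomain.com", "*.mydomain.nz",
]


def san_matches(hostname: str, san: str) -> bool:
    """Return True if one DNS SAN entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    # This is why *.mydomain.com covers neither mydomain.com nor a.b.mydomain.com.
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Only a whole left-most label may be a wildcard; the rest must be equal.
        return host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def covering_entry(hostname: str, sans: list[str]) -> str | None:
    """Return the first SAN entry that covers hostname, or None."""
    for san in sans:
        if san_matches(hostname, san):
            return san
    return None


def coverage_report(hostnames: list[str], sans: list[str]) -> dict[str, str | None]:
    """Map every inventory hostname to its covering SAN entry (None = gap)."""
    return {h: covering_entry(h, sans) for h in hostnames}


if __name__ == "__main__":
    inventory = [  # constructed sample inventory
        "mail.mydomain.com", "mydomain.com", "shop.mydomain.nz",
        "api.eu.mydomain.com", "mydomain.net",
    ]
    for host, san in coverage_report(inventory, SAN_ENTRIES).items():
        print(f"{host:24} {'covered by ' + san if san else 'NOT COVERED'}")
```

A hostname reported as not covered needs its own SAN entry, for example a second-level wildcard or an additional domain, before the certificate will validate for it.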

Multi-Domain SSL Certificate

A Multi-Domain SSL certificate, or SAN SSL certificate, is ideal for businesses where multiple levels of domains and subdomains need to be protected. For example, mydomain.com, mydomain.nz, sub.yourdomain.co.uk, sub1.domain.co.in, etc. A single certificate will take care of all domains and subdomains mentioned here. This type of certificate gives the same level of 256-bit encryption strength.

Many SSL providers offer up to 100 domains in a single SAN certificate. Each domain you add to a certificate carries a cost. WWW and non-www domains are counted separately. You can add a number of SANs during the certificate’s lifecycle.

Conclusion

Now that you know all about the different kinds of SSL certificates that can be used to cover multiple domains and subdomains, you can choose the one that fits your needs. Be mindful of your future expansion plans and the impact that may have on your SSL protection scheme. 

Do not go all out and get the most flexible SSL certificate just because it is there. It will cost you more, and the process for acquiring it may be overkill. There may well be a perfectly good reason for not mixing all your domains in the same certificate!

Use your due diligence and balance your current need to protect your domain and its subdomains with a single SSL certificate (a wildcard SSL certificate is perfect for that) against any need to cover multiple top-level domains and their subdomains.


Freddie George
