The simple answer is a resounding Yes! You absolutely can use one SSL certificate for multiple domains — or one SSL certificate for multiple subdomains in addition to domains. To understand why and how you can do it , we need to take a look at SSL/TLS certificates and some of its various types.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) are cryptographic protocols that enable end to end encrypted communication between a client machine and a web server. When you decide to install an SSL/TLS certificate on your web server or access a site that uses one such certificate, the traffic is transmitted through an encrypted channel. What this implies is that if an attacker is eavesdropping on the network, he will not be able to steal your sensitive data in a readable form.
There are different types of SSL/TLS certificates classified based on their validation level and functionality. For securing multiple domains with a single SSL certificate we use either a multi domain/UCC/SAN certificate or a multi domain wildcard SSL certificate.
Two SSL Certificates for One Domain
It is possible to install two SSL certificates for one domain because of server name indication (SNI) technology. There are two possible scenarios to have two SSL certificates for one domain – if your old certificate is expiring soon or if you have one domain hosted on multiple servers and maybe using a load balancer. Although it is possible to have two SSL certificates for one domain, it is certainly not ideal for security and scalability.
How to Use One SSL Certificate for Securing My Domains with a Single SSL Certificate
So now that we have an idea about what an SSL certificate is let us understand how they come into play in securing our domains and how we can use one SSL for multiple domains.
How Multi Domain/SAN Certificates Work
Multi domain SSL/TLS certificates also called UCC (which stands for “unified communication certificate”) or SAN (which stands for “subject alternative name”) certificates, secure multiple fully qualified domain names (FQDNs). While the common name listed on the certificate signing request (CSR) cannot be modified, you can add or edit the SANs.
UCCs were created for certain server environments like Microsoft Exchange and Communications servers, but nowadays they can be used with any server environment. These certificates are available for all levels of validation — domain validation (DV), organization validation (OV), and extended validation (EV), but all domains will receive the same level of validation.
Consider the following example:
Alice is a business owner with multiple lines of business. She plans to build a different website for each of these businesses and wants to use HTTPS on all of them without having to manage multiple SSL/TLS certificates. Suppose she wants to secure the domains mentioned below:
- www.site1.com
- blog.site1.com
- www.site2.org
- www.site3.net
With a SAN certificate, she can secure all the sites by citing them as subject alternative names on a single certificate.
Secure Up to 250 Multiple Domains with One Multi Domain SSL – Save 50%
Save 50% on Sectigo Multi Domain SSL Certificates. It includes unlimited server licenses, reissuances, 256-bit encryption, and more.
How Multi Domain Wildcard SSL Certificates Work
A multi domain wildcard SSL certificate is a single certificate that covers multiple domains and their accompanying subdomains. It can be used as:
- a SAN certificate (one SSL certificate for multiple domains),
- a wildcard SSL ( one SSL certificate for multiple subdomains), or
- a mix of both.
It can secure up to 250 domains and unlimited subdomains at multiple levels. While completing the CSR, an asterisk can be placed to indicate the level of the subdomain that needs to be encrypted. For example, if the website owner for site.com, example.com, and website.org are trying to secure first-level subdomains, the certificate application will appear as –
- Common Name: www.site.com (Note: The common name can never be a wildcard)
- SAN 1: site.com
- SAN 2: *.site.com
- SAN 3: *.example.com
- SAN 4: *.website.org
Note that multi domain wildcard SSL certificates are available for two levels of validation: DV and OV.
Multi Domain/SAN/UCC vs. Multi Domain Wildcard SSL
The table below highlights the differences between multi domain (SAN) SSL certificates and multi domain wildcard SSL certificates.
Multi Domain/SAN SSL | Multi Domain Wildcard Certificate |
---|---|
A single certificate that secures up to 250 domains and subdomains. | A single certificate that secures up to 250 domains and an unlimited number of subdomains at multiple levels. |
Limitations on the number of domains covered are defined by the issuing certificate authority. | No limits on the number of subdomains covered. You can place an asterisk at the subdomain level you’re trying to encrypt in the SAN fields of the CSR. |
Example: www.website.com, blog.website.com, www.website.org, www.example.com, etc. can all be secured using one certificate. | Example: *.site.com secures every subdomain at that level such as order.site.com, blog.site.com, etc. |
The different domain names you wish to secure must be defined and added at the time the certificate is purchased. Additional SANs can be acquired later. For modification of existing SANs, the certificate will need to be reissued. | Additional subdomains can be added or removed at any time. |
Available for all levels of validation – DV, OV, and EV. | Available for DV and OV levels of validation. EV is not an option with wildcard SSL certificates. |
In Summary
Depending on your specific business needs, you can use both a SAN certificate or a multi domain wildcard SSL to secure multiple domains. If there are numerous subdomains at different levels for the domains you want to cover, it makes more sense to go for the multi-domain wildcard SSL certificates. If, however, you can list them as SANs — and if it ends up being more cost effective for you — then that should be your pick.
Top Multi Domain SSL Certificates of 2020
Features | PositiveSSL Multi-Domain (DV) | Sectigo OV Multi-Domain SSL Certificate | Sectigo Multi-Domain/UCC SSL Certificate |
---|---|---|---|
Lowest Price | $25.60/yr | $140.00/yr | $127.20/yr |
Domains Secured | Up to 250 Multiple Domains | Up to 250 Multiple Domains | Up to 250 Multiple Domains |
Validation Level | Domain Validation | Organization Validation | Domain Validation |
SSL Encryption | up to 256-bit | up to 256-bit | up to 256-bit |
Key Length | 2048 bits | 2048 bits | 2048 bits |
Server License/td> | Unlimited | Unlimited | Unlimited |
SSL Site Seal | Included | Included | Included |
Reissue Policy | Unlimited | Unlimited | Unlimited |
Warranty | $50,000 | $1,000,000 | $500,000 |
Refund Policy | 30 Days | 30 Days | 30 Days |
SAN / UCC Support | Yes | Yes | Yes |
Browser Support | 99% | 99% | 99% |
OS Support [Desktop] | Yes | Yes | Yes |
OS Support [Mobile] | Yes | Yes | Yes |
Buy Now | View Product | View Product | View Product |