Multi-Domain SSL – Comprehensive SSL Security for Business Websites

SSL Certificates are landmarks for data security. From securing data in transit to enhancing customer trust and improving search rankings, SSL certificates are indispensable for all kinds of organizations, regardless of whether they maintain a simple blog website or a complex e-commerce website.

But what if you are managing multiple websites? Would you need multiple SSL certificates for the multiple domains and sub-domains? Would you need to invest capital and manpower to manage these multiple certificates?

Not necessarily. Multi-domain SSL provides a simplified, efficient, and cost-effective approach to manage data security across multiple domains and sub-domains. Read on to understand how multi-domain certificates work and how they ensure the comprehensive security of your business websites.

Multi-Domain SSL: An Introduction  

Multi-domain SSL, also known as SAN SSL certificates, enable you to secure multiple domains and sub-domains on a single certificate. Depending upon the Certificate Authority (CA) and the plan you choose, you can secure up to 250 domains under one of these multi-domain security certificates.

Under these multi-domain security certificates, the Common-Name (CN) is referred to as the primary/ base domain and other domains as SAN (Subject Alternative Names) domains. The SANs can be sub-domains, domains with different TLDs (Top Level Domains), or any other variations.

Example:

Company A runs multiple websites for its multiple business lines. They want to protect the domains mentioned below without having to manage/ purchase different SSL certificates:

• domain-name.com
• domain-name.com
• domain-name-1.org
• domain-2-name.net
• domain-2-name.net
• domain-name.com
• domain-name-1.org

With a multi-domain SSL certificate, ‘A’ can protect all sites by mentioning them as SAN domains on a single certificate.

If you choose a versatile multi-domain SSL, you can secure multiple FQDN, IP addresses, web server host names, payment gateways, private host names, and firewall devices. Further, you can secure domains that are not on the same server as long as you purchase a security certificate with unlimited server licenses. Backed by 256-bit encryption, strong authentication capabilities, and warranty, Entrust SSL Certificates from Indusface enables businesses to secure up to 250 SANs in addition to their FQDN.

How Do They Ensure Comprehensive SSL Security for Business Websites?

How Does SSL Work?

• When a client (browser) visits an SSL-secured website, an SSL handshake happens. This handshake ensures that encryption (encoding) and decryption (decoding) happen properly.
• When the request is sent by the client to the server, the server responds with a copy of the SSL.
• The browser will check the validity of the certificate and only send the message if the certificate is trustable.
• The browser will send an acknowledgement to begin the SSL-encrypted session and establish a secure connection using its own public key and the server’s private key. Together, these two keys are called a session key, vital to keep the connection secure.
• Encryption converts data by scrambling it into unreadable form. It is done on the data/ message the client wants to send to the webserver.
• Finally, the encrypted data is transferred between the client and the web server. This way, data in transit is secure from tampering by hackers.

How Does Multi-Domain SSL Work?

For Multi-Domain SSL certificates, you will have to list out all your SANs along with your CN while filling your Certificate Signing Request (CSR). They will appear in the SAN fields under the certificate information. However, SANs receive the same level of encryption and security as the CN.

When the client visits a multi-domain SSL-secured website, the client will check the validity of the certificate. Further, it will verify if the URL matches any of the names mentioned in the list. If it matches, then a secure connection will be established with the server by the browser.

Domain Validation (DV) being the basic type of validation wherein only the domain ownership is verified by the CA, is only suitable for blogs, static websites, and other websites that do not collect sensitive information. Multi-domain certificates need a minimum of Organization Validation (OV) wherein the SSL certificate authenticates the domain and business ownership. This level of assurance tells you that you are dealing with the company whose information is listed on the certificate.

With Extended Validation (EV) of multi-domain SSL certificates, you are assured of the highest level of authentication. All domains and sub-domains secured with the certificate get visual cues or trust signs such as dynamic site seals, the name of the Company displayed when clicked on the Lock sign, and so on. It serves as a sign of trust and credibility for the business and the website. It is essential for e-commerce and other dynamic websites.

To ensure that your multi-domain SSL provides comprehensive and effective SSL security, you must choose the OV or EV level of assurance.

A Note on Private-Key Duplication

The duplication of SSL certificates for deployment on multiple servers using a single certificate is a high-risk proposition. This is because the duplication of SSL certificates requires the duplication of private keys. Private keys are like CVV to credit cards. When one of the servers is compromised, then the other servers using the duplicated private keys are automatically exposed to the same risk. Private-Key duplication risks are the same, irrespective of the type of SSL certificate. Private key duplication must be avoided to maintain high standards of security.

The Way Forward

Whether you are an SME or a large corporate, multi-domain SSL from the right Certificate Authority empowers you to rest assured of the security of your multiple websites and focus on your core business activities.

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.