Securing multiple domains and sub-domains no longer requires a separate SSL certificate for each one. Wildcard SSL Certificates and SAN SSL Certificates are both capable of providing data encryption and security across multiple domains, sub-domains, and more using a single certificate.
In this article, we delve into what Wildcard SSL Certificates and SAN SSL Certificates are, their advantages and drawbacks, the differences between them, and which one to choose for effective security.
Wildcard SSL Certificates (WC SSL Certificates) secure one primary domain marked with a wildcard character (*) and unlimited sub-domains at the same level of that primary domain. Whether you have 20 sub-domains or 2000 on a single level, you will be able to secure them all with a single WC certificate.
Let’s just take a moment to understand what levels mean with respect to sub-domains.
The primary domain of an example website is marked with an asterisk symbol, so it is written as *.example.com.
The first-level sub-domains will be something like:
The second-level sub-domains will look something like this:
The third-level sub-domain will be something like primary.login.example.com, and so on.
It is critical to note that a Wildcard SSL Certificate secures multiple sub-domains that are at the same level, not across multiple levels. So, if you own a WC SSL Certificate for *.example.com, you are securing first-level sub-domains. If you add a new sub-domain such as music.example.com or news.example.com, it is automatically covered by the certificate and secured.
However, second- and third-level sub-domains will not be secured under this Wildcard SSL Certificate. You must purchase another WC SSL Certificate to secure sub-domains under, say, *.shop.example.com or *.mail.example.com.
SAN SSL Certificates are also known as Multi-domain SSL Certificates and Unified Communication Certificates (UCC). A SAN (Subject Alternative Name) SSL Certificate secures multiple Fully Qualified Domain Names (FQDNs) and sub-domains under a single SSL Certificate.
The primary domain is called the Common Name (CN) and the additional domains are referred to as SANs. The SANs can be other FQDNs, domains with other top-level domains (TLDs), sub-domains, or other variations.
With a SAN SSL Cert, an organization can protect, for instance,
The owner of the certificate needs to clearly state the CN and all SANs they wish to secure under the multi-domain SSL Cert while making the Certificate Signing Request (CSR). If the organization wishes to add more SANs to the certificate later, the certificate has to be re-issued; these new SANs are not automatically added to the certificate.
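The level rule for wildcards and the explicit-list rule for SANs can both be checked with a small coverage audit before a certificate is ordered. The following is an added example, not code from this article or from any certificate provider; the name lists and the host inventory are constructed sample data, and the matching follows the common left-most-label wildcard rule used by TLS clients.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*' stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard only in the left-most label, over a real parent domain,
        # and it must match a non-empty label.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h  # plain SAN entry: exact match only


def uncovered(cert_names, hostnames):
    """List the hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data (assumptions for illustration only).
# The pattern *.example.com does not itself match the bare domain,
# so example.com is listed as its own name here.
WILDCARD_CERT = ["*.example.com", "example.com"]
SAN_CERT = ["example.com", "www.example.com", "example.net"]
INVENTORY = [
    "example.com",
    "music.example.com",          # first level: covered by the wildcard
    "news.example.com",
    "primary.login.example.com",  # deeper level: needs *.login.example.com
    "example.net",                # different domain: needs a SAN entry
]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, INVENTORY))
    print("SAN cert misses:     ", uncovered(SAN_CERT, INVENTORY))
```

Any hostname the audit reports as missed will produce a certificate name mismatch in clients until it is added as a SAN (with a re-issue) or covered by a wildcard at the right level.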
Despite their differences, SAN and Wildcard SSL Certificates offer similar encryption strengths (256 bits) and are compatible across most browsers and devices.
If you want to protect your root domain and its subdomains, it makes sense to go with Wildcard SSL Certificate. On the other hand, if you have multiple domains and you want to extend your protection in that direction, then a SAN Certificate is the right option.
After considering your security requirements, don’t forget to choose one of the best SSL certificate providers, such as Entrust by Indusface, for strong, multi-layered security across your multiple domains and sub-domains.
This post was last modified on January 1, 2024 20:26