Difference between Multi Domain (SAN) & Wildcard SSL Certificate

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
LoadingLoading...

Get to know the essential differences between a Multi Domain SSL Certificate and Wildcard SSL Certificate

If we had a penny every time someone asked us the difference between Multi Domain (SAN) & Wildcard SSL Certificate, we would have 32568642 pennies. We’re not kidding (Well, we are!). Jokes apart, the difference between Multi Domain (SAN) & Wildcard SSL Certificate is one of THE most asked questions by our clients. The reason behind this question is the striking similarity they both pose at a first glance. Some even perceive them to be the same. Undoubtedly, they’re not. Let’s understand why.

Multi Domain SSL vs Wildcard

Multi Domain (SAN) SSL Certificate

As implied in the name itself, you can secure multiple domains using a single SSL certificate. Before Multi Domain (SAN) SSL certificates existed, one had to buy and install a separate certificate for each domain he/she wanted to secure. As a result of this limit, one had to bear a significant cost & time. Moreover, managing numerous certificates was an even harder job. certificate for each domain he/she wanted to secure. Fortunately, this is not a case anymore. You can add multiple primary domains as well as multiple sub-domains using a single Multi Domain (SAN) SSL certificate.

For example, the SAN certificate will protect:

  • www.example.com
  • www.example.net
  • www.examples1.com
  • www.examples2.com
  • www.SomethingCompletelyDifferent.com

Wildcard SSL Certificate

The Wildcard SSL certificates are similar in nature to the multi domain SSL certificates. However, there is a fundamental difference between them. Wildcard certificates secure multiple sub-domains, not primary domains.

Domain & Sub domains types Wildcard SSL can secure:

  • mail.example.com
  • contact.example.com
  • sales.example.com
  • admin.example.com
Multi Domain (SAN) SSL Certificate Wildcard SSL Certificate
  • Multi Domain (SAN) SSL Certificates secure multiple primary domains as well as multiple sub-domains.
  • Wildcard SSL Certificates secure multiple sub-domains.
  • The number of domains that can be secured using Multi Domain (SAN) SSL Certificate depends on the certificate authority. The maximum number of domains you can secure using a single SSL is 250.
  • Unlimited sub-domains can be secured using a single Wildcard SSL certificate.
  • The different domain names that are protected by the SAN certificate, must be defined and added at the time of the certificate purchase (though they may be substituted with other domain names later).
  • The different subdomains, which are protected with a Wildcard, may be selected at any time.
  • Multi Domain (SAN) SSL Certificate comes with DV, OV and EV options.
  • The wildcard SSL only comes with domain validation (DV) and organization validation(OV).

Which one to choose?

New certificate buyers should first consider the level of protection that they desire for their website because EV (Extended Validation) SSL can only be applied to the SAN SSL certificates and not the Wildcard certificates.  EV SSL has been increasingly gaining popularity because it offers the highest standard of protection through a stringent validation/verification process required by the CA/Browser Forum.

One major concern about Wildcard certificates is that if one of the subdomains is compromised, then all of the subdomains are at risk. However, while this worst-case scenario should be considered, an online business owner should not be deterred from benefitting from this helpful certificate if it truly and sufficiently meets their needs. The prices will vary on both of these certificates and every e-commerce owner should get as much protection as they can with their money without having to go overboard because of ‘possible’ pitfalls. Although, many owners simply prefer SAN certificates because they allow them to protect internal and external networks by using different domain names.

Obviously, both certificates allow the online business owner to extend protection in multiple areas with one certificate. Therefore, it depends on which direction that owner wants to extend that protection. If they are unsure about whether they want, or need, different domain names in the future, but they are currently sure that they need protection on multiple levels now, they may look at purchasing a SAN certificate to use in order to keep the option open. Before a commitment is made to Buy a Wildcard for a year, the owner should consider if they would like the opportunity to secure all of their needs with the broader SAN certificate (which would also allow them to more easily change the domain names and eliminate the possibility of having to wait for any certificates to expire before upgrading). It all depends on what that freedom is worth to the owner.

Wildcard and SAN compatibility

After reviewing numerous blog postings by new certificate users, it appears that the majority have experienced greater compatibility with the SAN certificates. Some certificate purchasers have voiced concerns of Wildcards not working as well with older mobile devices, POP/IMAP issues, and connectivity issues with Outlook Anywhere. With that being said, there were not very many specific explanations detailing the experiences encountered. Each online business owner that is interested in discovering more information about any potential issues with these different certificates should speak with other SSL purchasers or an SSL expert.

Share on Facebook1Share on Google+0Tweet about this on TwitterShare on LinkedIn0

Leave a Reply

Your email address will not be published. Required fields are marked *