Contact us at |support@ssldragon.com
  • multi-domain vs wildcard

Multi-Domain vs. Wildcard SSL certificates- What is the difference?

Thursday, July 18th, 2019

Among all types of SSL certificates, Multi-Domain and Wildcard ones generate the most questions from the new users. While regular SSL certs secure just the main domain and are pretty easy to understand, Multi-Domain and Wildcard products are in a different class: more powerful, more flexible, and more expensive than their single-domain counterparts. Because both Multi-Domain and Wildcard certificates can secure multiple SANs (Subject Alternative Names), it’s easy to mix them up. In this article we’ll compare the Multi-Domain vs. Wildcard SSL certificates so that you can instantly tell one from another. We’ll start with essential technical aspects, then move on to other key areas such as validation, extra features and pricing.

What does a Multi-Domain SSL certificate secure?

A multi-domain SSL certificate, also called SAN (Subject Alternative Name) or UCC (Unified Communication Certificate) encrypts multiple domains under a single SSL installation. If you have two, three or two hundred websites, one multi-domain cert is enough to secure them all. Moreover, the multi-domain certificate renews across all your domains, saving you precious time and money.

A typical multi-domain certificate comes with 3 domains by default, and you can secure up to 250 additional SANs on the checkout page. Here’s how it works:

It can protect three different domains:

  1. Firstdomain.com
  2. Seconddomain.om
  3. Thirddomain.com

It can protect three different subdomains:

  1. Blog.yourdomain.com
  2. Shop.yourodmain.com
  3. Forum.yourdomain.com

It can also protect three different domains and subdomains:

  1. Firstdomain.com
  2. Seconddomain.com
  3. Blog.firstdomain.com

What does a Wildcard SSL certificate secure?

A Wildcard certificate protects your main domain along with unlimited subdomains under one SSL installation. No need to buy separate certs for each subdomain. A single Wildcard product will suffice. Best of all, you can add as many subdomains as you want, whenever you need and simply reissue your certificate to enable the encryption on the new subdomain. Here’s how Wildcard SSL works:

It secures your main domain, for instance: yourdomain.com, and all its subdomains. For example:

  • Shop.yourdomain.com
  • Forum.yourdomain.com
  • News.yourdomain.com
  • Membership.yourdomain.com

How to configure Multi-Domain vs. Wildcard certificates?

Configuring your Multi-Domain certificate is easy. During the CSR (Certificate Signing Request) generation, specify your first domain. For example, yourdomain.com. Right under the CSR text area, in the additional domains’ fields (SANs), add the rest of domains or subdomains you want to protect.

As for Wildcard certificates, when requesting one, add an asterisk in front of your FQDN (fully-qualified domain name) during the CSR generation.  For example, *.yourdomain.com.

SSL Validation – Multi-Domain vs. Wildcard certificates

When it comes to validation methods, Multi-Domain certificates excel. You can get DV Multi-Domain certs, BV Multi-Domain products, and even the premium EV Multi-Domain certificates. Whether you want to secure a couple of basic websites or a network of complex e-stores, Multi-Domain SSL can do that.

Wildcard certificates, on the other hand can protect only Domain and Business validated websites. Extended Validation Wildcard certificates don’t exist and for a good reason. There are too many security vulnerabilities associated with a potential EV Wildcard certificate.

Extended Validation was specifically designed to provide the utmost level of trust and is subject to lengthy verification procedures. CAs would have to verify the identity of each subdomain for the EV Wildcard to work, and they don’t want to commit time and money to such a risky and exhausting endeavor.

Multi Domain vs. Wildcard SSL – which one is cheaper?

The price depends on several important factors but mainly the validation method and brand. If you were to buy the cheapest SSL certificate from each category, you would spend less on a multi-domain product. The most affordable Multi-domain certificate is just $19,99 at SSL Dragon, while the least expensive Wildcard cert is $57.49. The price for multi-domain certs may rise if you add an additional domain on the checkout, but generally, DV and BV multi-domain certificates are cheaper than Wildcard products.

Multi-Domain Wildcard SSL Certificates

Both Multi-Domain and Wildcard SSL certificates offer amazing benefits for complex websites, networks and systems However, there’s also one type of SSL that offers the ultimate flexibility – Multi-Domain Wildcard certificates. With a single Multi-Domain Wildcard cert, you can protect all your subdomains on multiple domains. Here’s how this one of a kind product works:

It can secure one main domain and multiple Wildcard domains. For example:

  • youdomain.com (specified in your CSR)
  • *.youdomain.com
  • *.yoursecondomain.com

It can encrypt one primary domain and several Wildcard domains (with both first level and second-level subdomains). For example:

  • youdomain.com (specified in your CSR)
  • *.yourdomain.com
  • *.blog.yourdomain.com

It can protect multiple domains and several Wildcard domains (with both first level and second-level subdomains:

  • yourdomain.com (specified in your CSR)
  • yourseconddomain.com
  • *.yourseconddomain.com

Due to their versatility, Multi-Domain Certificates are trickier to configure. Please note, when you add a SAN item such as *.yourdomain.com, you secure its unlimited subdomains, but not the domain itself. To encrypt all your domains and subdomains, you’ll have to configure the Multi-Domain Wildcard SSL cert the following way:

  • youdomain.com (specified in your CSR)
  • *.yourdomain.com (for all subdomains)
  • yourseconddomain.com
  • *.yourseconddomain.com (for all subdomains)

Final thoughts

Multi-Domain and Wildcard certificates are a great example of SSL management efficiency. Besides saving time and money, they protect websites of all sizes against malicious cyber-attackers. Hopefully, this article has helped you better understand the differences and similarities between these two types of SSL certificates.