Multi-Domain SSL Certificates

A multi-domain SSL certificate secures several distinct domain names on a single certificate instead of requiring one certificate per domain. The primary domain goes in the Common Name field; each additional hostname is listed in the Subject Alternative Name (SAN) field.

A single cert can cover example.com, example.net, shop.example.org, and mail.example.io in one issuance, with one private key, one renewal, and one installation across however many servers host those hostnames.

SSL Dragon’s multi-domain products include 3 domains by default (1 Common Name plus 2 SANs) and scale up to 250 SANs depending on the CA and product tier.

Three names exist because three industries labeled the same product from different angles.

• “SAN certificate” comes from the Subject Alternative Name field itself, a name engineers adopted after the mechanism defined in the X.509 specification.
• “UCC certificate” — Unified Communications Certificate — is the name Microsoft promoted when multi-domain certs became the standard fit for Exchange, Office Communications Server, and Lync hostname requirements; the label stuck for Office 365 hybrid deployments.
• “Multi-domain SSL certificate” is the plain-English label resellers adopted so buyers could find the product without knowing the technical or Microsoft-specific terms.

A shopper comparing a SAN certificate against a UCC certificate against a multi-domain SSL is comparing three labels on the same shelf. CAs occasionally brand individual products differently (PositiveSSL Multi-Domain at Sectigo, Secure Site Multi-Domain at DigiCert), so it pays to check all three search terms when shopping.

Multi-domain SSL certificates are available in all three validation tiers, and the encryption strength is identical across them: 256-bit session encryption, 2048-bit RSA signature keys, ECC supported. Validation level changes what the CA verifies about the buyer, not how traffic is secured.

• Domain Validation (DV): issued in roughly 5 minutes after domain control check. Suited to blogs, personal projects, internal tools, and staging environments.
• Organization Validation (OV): issued in 1–3 business days after business verification. The certificate displays company details, which aligns with PCI DSS requirements for payment environments.
• Extended Validation (EV): issued in 1–5 business days after the strictest verification process. Typical fit is enterprise, e-commerce, and regulated industries.

Three related products solve three different coverage problems:

• Multi-domain covers multiple primary domains on one certificate, for example example.com, example.net, and shop.example.org. Pick multi-domain when the hostnames don’t share a parent domain.
• Wildcard covers one primary domain plus every subdomain one level deep: *.example.com secures mail.example.com, shop.example.com, and any other single-level subdomain. Pick wildcard SSL certificates when you have one domain with many subdomains.
• Multi-domain wildcard combines the two: multiple primary domains plus first-level subdomains of each on a single certificate. Pick multi-domain wildcard SSL certificates when the environment mixes both.

To weigh SAN against wildcard in more depth, see our compare SAN and wildcard certificates in depth guide.

Maximum SSL/TLS certificate validity dropped to 200 days on March 15, 2026, under CA/Browser Forum Ballot SC-081v3. That’s the first step in a phased reduction: 100 days in March 2027, and 47 days in March 2029.

For multi-domain buyers, each cut compresses the reissuance cycle across every SAN on the certificate at once, so renewal turns from an annual calendar item into a recurring operational process.

ACME automation for SSL certificates is the industry-standard answer: ACME clients handle renewal, CSR generation, and installation without manual steps, which becomes the difference between staying online and missing a reissue window once the shorter limits take effect. Multi-year subscriptions from SSL Dragon lock in today’s pricing across the full term and queue automatic reissuance at each validity boundary.