What is Multi Domain SSL, or a UCC / SAN SSL Certificate?

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00)
Loading...

A quick primer on Multi Domain, SAN, and UCC SSL certificates and how they work

If you’re here because you’ve asked your favorite search engine “What is multi domain SSL,” “what is a SAN certificate,” “what is UCC SSL,” or any variation of those questions, you’ve come to the right place. We’ll answer your question, but we first must share a brief story to help you understand what these terms entail.

Story Time: A Concise History of SSL Certificates

Once upon a time, SSL certificates only came in the single domain flavor — truly the vanilla of PKI. But that model wasn’t nearly lazy enough for the internet. “What if we have more than one site?!” And, if someone did have many websites, they wanted to manage them all with a single certificate because it would be irritating to have to keep track of a bunch of certificates and stuff.

So, the PKI gods put their heads together and handed down multi-domain SSL certificates. And the internet said, “what if I’m running on a Microsoft Exchange or Office Communications server?” So, again they convened, and this time they designed UCC SSL (unified communications certificate), which worked specifically on those two server types.

That was years ago. Nowadays, multi domain SSL certificates and UCCs can basically be used interchangeably. Still, we advise using them for their intended use-cases, just to avoid any undue complications (or to avoid ticking off the PKI gods).

How Do Multi Domain/UCCs Work?

Just as with a normal SSL certificate, with a multi domain/UCC certificate, you create the certificate signing request (CSR) and generate the private key just as you normally would. There’s just one difference: Multi-domain/UCCs have additional fields called SANs, or Subject Alternative Names, which is where you can list additional domains — up to 250 — that can also be secured with the certificate.

Multi domain SSL certificates would never be possible without server name indication (SNI), which is an HTTP header that indicates the website a client is trying to reach in a shared hosting situation. Previously, every site needed its own IP address for a certificate to be installed. A multi domain certificate can secure all of the websites residing on a single IP address, or it can secure multiple IP addresses (at the OV and EV levels).

The Drawback of Using Multi Domain SSL

While all of this is great, there is one drawback to multi domain certificates: key surface. The more websites that use the same key pair, the more likely that key pair is to get compromised. Some exploits specifically work by sending requests across multiple sites all using the same keys. There is a non-zero chance that the key can be compromised with continued attempts.

However, we don’t share this to discourage you — we just want you to be able to make a fully informed decision about the type of SSL certificate you use. Overall, using a multi-domain certificate is an excellent way to save money and cut down on the administrative burdens typically associated with certificate management. SANs are available for purchase as needed, and they’re generally a lot cheaper than single domain certificates would be. Not to mention the time managing one certificate instead of tens or hundreds saves…

We hope this answered your question and invite you to discover the benefits of using a multi domain/UCC/SAN certificate for yourself:

SSL Certificate with Comodo Secure Logo

Comodo Multi Domain/UCC/SAN SSL Certificates — Save Up to 74%!

You can save a significant amount by buying your multi domain/UCC/SAN SSL certificate through us instead of through your web hosting company. We sell all Comodo SSL certificates at up to 74% off.

Compare Multi Domain/UCC/SAN SSL Certificates

It's only fair to share...
Share on Facebook
Facebook
0Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin