GlobalSign Blog

The Pros and Cons of Multi-Domain SSL/TLS

The Pros and Cons of Multi-Domain SSL/TLS

Multi-domain SSL/TLS certificate

Your business has started expanding and now has multiple websites. There is your main website – example.com, but now there is also blog.example.com and another branch, tx.example.com. Gone are the days when protecting these websites are done individually. There is now a way to secure your business altogether, thanks to multi-domain SSL/TLS certificates.

A multi-domain SSL/TLS certificate utilizes Subject Alternative Names (SANs) to secure your main domain along with up to 100 domain names, subdomains, and public IP addresses using only one SSL/TLS certificate. Unlike the single-domain SSL/TLS certificate, multi-domain SSL/TLS certificates require only one IP server to be the certificate host.

How do multi-domain certificates work?

All SSL/TLS certificates offer encryption. When a user visits a website protected by an SSL/TLS certificate, the browser will confirm the certificate validity, then creates a unique session key that is used to encrypt the communication.

What sets apart the multi-domain type is the use of Subject Alternative Names. Multi-domain certificates offer full control over the SAN field. This allows the certificate owner to specify additional host names to be secured by the certificate. For instance, you own an eCommerce website with presence in multiple countries. You can secure users of ecommerce.com, us.ecommerce.com, and the payment page payment.ecommerce.com using one SSL/TLS certificate through inputting the domain names in the SAN field.

Pros and cons of multi-domain SSL/TLS

Different types of certificates (single-domain, multi-domain, and wildcard) have their advantages and disadvantages. This segment will discuss the pros and cons of a multi-domain SSL/TLS.

Pros

  • Secures all domains and subdomains using only one certificate

    The simplicity and convenience in certificate management free up the burden of your IT team in managing multiple individual certificates across different websites, especially if used in conjunction with a certificate management platform. In addition, multi-domain certificates save a lot of costs and installation challenges.
  • One-time verification process

    Added to this convenience is the one-time verification process involved. Unlike single-domain SSL/TLS certificates where all domains require individual identity verification, multi-domain SSL/TLS certificates only require one identity verification across different domains.
  • Comes at three levels of validation

    Multi-domain certificates also come at three levels of validation: the domain validation (DV) that informs the user that the website has been validated by a certificate authority, organization validation (OV) that authenticates the business legitimacy and identity, and the extended validation (EV) – the highest form of certificate validation that authenticates the owner’s legal entity. This establishes trust among all users of the secured domains and subdomains.
  • Maintains the credibility of the entire website

    For businesses, no client wants to visit a website that is unsecured due to the huge risks they will be exposed to. Let’s say the eCommerce website you own is secured through a single-domain SSL/TLS certificate. The payment page (payment.ecommerce.com) is not secured, therefore decreasing the integrity of the entire business, and exposing the client to hacking and data breach. Through using a multi-domain SSL/TLS certificate that secures all pages, both your business and your clients will be protected, maintaining the credibility of your website. Multi-domain SSL/TLS certificates are also trusted by over 99% of browsers.

Cons

  • One domain affects all

    However, having only one certificate for all your domains and subdomains also has its drawbacks. The biggest one is the task involved in updating the SSL/TLS for the removal or addition of websites and domains after the acquisition, as it requires a reissuance of the SSL/TLS certificate. If the certificate expires, it will affect all sites using the multi-domain SSL which results in downtime on not just one but all its subdomains.

GlobalSign’s Multi-domain SSL/TLS

In summary, the convenience in certificate management provided by multi-domain SSL/TLS certificates, combined with the different levels of validation and the integrity and security they provide to your business are truly beneficial. Each type of certificate can provide a specified benefit for your business. Therefore, it will be good to know your business requirement before deciding. If you want multiple websites to be secured, or if your sites contain different numbers of nodes in the domain name, then the multi-domain SSL/TLS certificate is the right one for you.

GlobalSign includes OWA, Mail, and Autodiscover SANs for free with all SSL/TLS Certificates. Make website management more convenient using multi-domain SSL/TLS. Speak with us today!

Share this Post

Related Blogs