Get to know the essential differences between a Multi-Domain (SAN) SSL & Wildcard SSL Certificate
If we had a penny every time someone asked us the difference between Multi-Domain (SAN) & Wildcard SSL Certificate, we would have 32568642 pennies. We’re not kidding (Well, we are!). Jokes apart, the difference between Multi-Domain (SAN) & Wildcard SSL Certificate is one of THE most asked questions by our clients. The reason behind this question is the striking similarity they both pose at a first glance. Some even perceive them to be the same. Undoubtedly, they’re not. Let’s understand why.
Multi-Domain (SAN) SSL Certificate
As implied in the name itself, you can secure multiple domains using a single SSL certificate. Before Multi-Domain (SAN) SSL certificates existed, one had to buy and install a separate certificate for each domain he/she wanted to secure. As a result of this limit, one had to bear a significant cost & time. Moreover, managing numerous certificates was an even harder job. certificate for each domain he/she wanted to secure. Fortunately, this is not a case anymore. You can add multiple primary domains as well as multiple sub-domains using a single Multi-Domain (SAN) SSL certificate.
For example, the SAN certificate will protect:
Wildcard SSL Certificate
The Wildcard SSL certificates are similar in nature to the multi-domain SSL certificates. However, there is a fundamental difference between them. Wildcard certificates secure multiple sub-domains, not primary domains.
Domain & Sub domains types Wildcard SSL can secure:
|Multi Domain (SAN) SSL Certificate||Wildcard SSL Certificate|
|Multi Domain (SAN) SSL Certificates secure multiple primary domains as well as multiple sub-domains.||Wildcard SSL Certificates secure multiple sub-domains.|
|The number of domains that can be secured using Multi-Domain (SAN) SSL Certificate depends on the certificate authority. The maximum number of domains you can secure using a single SSL is 250.||Unlimited sub-domains can be secured using a single Wildcard SSL certificate.|
|The different domain names that are protected by the SAN certificate, must be defined and added at the time of the certificate purchase (though they may be substituted with other domain names later).||The different subdomains, which are protected with a Wildcard, may be selected at any time.|
|Multi-Domain (SAN) SSL Certificate comes with DV, OV and EV options.||The wildcard SSL only comes with domain validation (DV) and organization validation(OV).|
Compare Multi-Domain SSL and Wildcard SSL Certificate
|Features||GeoTrust Multi Domain SSL||Thawte Wildcard SSL|
|Domain Secured||Multiple Domain Names||Unlimited Subdomains|
|Root Domain Support||Single Domain Name + 4 Different SAN Included||Main Domain + All Sub-domains|
|Price for 1 Year||$278||$399|
|Price for 2 Year||$235.50/yr||$349/yr|
|Issuance Time||1-3 business days||1-3 business days|
|SSL Encryption||up to 256-bit||up to 256-bit|
|CSR Key Encryption||2048 bits||2048 bits|
|Warranty by CA||$1,250,000 USD||$1,250,000 USD|
|Refund Policy||30 days||30 days|
|SAN / UCC Support||Yes||No|
|Buy Now||Buy Now|
Which one to choose?
New certificate buyers should first consider the level of protection that they desire for their website because EV (Extended Validation) SSL can only be applied to the SAN SSL certificates and not the Wildcard certificates. EV SSL has been increasingly gaining popularity because it offers the highest standard of protection through a stringent validation/verification process required by the CA/Browser Forum.
One major concern about Wildcard certificates is that if one of the subdomains is compromised, then all of the subdomains are at risk. However, while this worst-case scenario should be considered, an online business owner should not be deterred from benefitting from this helpful certificate if it truly and sufficiently meets their needs. The prices will vary on both of these certificates and every e-commerce owner should get as much protection as they can with their money without having to go overboard because of ‘possible’ pitfalls. Although, many owners simply prefer SAN certificates because they allow them to protect internal and external networks by using different domain names.
Obviously, both certificates allow the online business owner to extend protection in multiple areas with one certificate. Therefore, it depends on which direction the owner wants to extend that protection. If they are unsure about whether they want, or need, different domain names in the future, but they are currently sure that they need protection on multiple levels now, they may look at purchasing a SAN certificate to use in order to keep the option open. Before a commitment is made to Buy a Wildcard for a year, the owner should consider if they would like the opportunity to secure all of their needs with the broader SAN certificate (which would also allow them to more easily change the domain names and eliminate the possibility of having to wait for any certificates to expire before upgrading). It all depends on what that freedom is worth to the owner.
Wildcard and SAN compatibility
After reviewing numerous blog postings by new certificate users, it appears that the majority have experienced greater compatibility with the SAN certificates. Some certificate purchasers have voiced concerns of Wildcards not working as well with older mobile devices, POP/IMAP issues, and connectivity issues with Outlook Anywhere. With that being said, there were not very many specific explanations detailing the experiences encountered. Each online business owner that is interested in discovering more information about any potential issues with these different certificates should speak with other SSL purchasers or an SSL expert.
Need the best of both? Multi-domain wildcard certificates may be what you want. They automatically secure all subdomains for multiple domains that you specify. Buy COMODO Multi-Domain WildCard SSL Certificate with a wide amount of 50% discount from SSL Renewals an official partner of COMODO.
- Secure your site by using GeoTrust True BusinessID EV Multi-Domain
- 8 Things you should know before Buying an SSL Certificate