20 July 2018

Ksenya Fil

Head of Customer Care

Multi-domain SSL-certificates: benefits and order peculiarities

Today every site owner knows about SSL-certificates. The most popular certificates protect a single domain or domain and its subdomains. In this article we will focus on one of the SSL types, a multi-domain SSL-certificate. You will read about advantages it will bring you and considerations you should be aware of.

An SSL-certificate is a digital certificate issued for a certain domain by a Certification Authority. The certificate ensures visitors that all the sensitive data (logins, passwords, credit cards) passed between a website and their browser remains private and secure.

About multi-domain SSL-certificate

Very often companies have many websites (domains). Some of them can contain various sub-domains.

Example. E.g. a company manufactures and sells home furniture. Its main website is superfurniture.com, which is also accessible at www.superfurniture.com. The site has subdomains: forum.superfurniture.com, where clients can contact the manufacturer or chat with other customers; ideas.superfurnture.com — the website with ideas and recommendations from designers; mail.superfurniture.com is used within the company for setting up mailboxes for the company staff. The company also has several projects with individual websites: mysuperkithen.com offers kitchens, my-bathroom.net sells bathroom fitment, ourcozyhome.org — home decorations.

Using individual SSL-certificates for every domain is not that convenient, because you have to keep track of many certificates, each of them having different expiry dates; renew, pay, get new files, and install them. Your server administrator will definitely spent much time on completing this task.

With one multi-domain SSL-certificate you can protect all your domains and subdomains.

Benefits of using multi-domain certificates

Saves time — rather than keeping track of multiple orders, handling numerous validations and installations, you just get one file and install one single certificate.

Saves money — you can buy an individual SSL-certificate for each site, but it will cost you much. Some multi-domain certificates are cheaper than SSL-certificates that protect only one domain.

For example, GeoTrust True BusinessID for one domain costs 99 euro per year. GeoTrust True BusinessID Multi Domain, which costs 266 euro per year, includes 5 domain names without additional fees. This means you pay only 53 euro per domain.

How to get a certificate

Select and order an SSL in your Client area

At our website you can choose and order a multi-domain SSL-certificate according to your needs.

The order procedure is practically the same as for other types of SSL-certificates.

Select the main domain that will be specified in the Certificate Signing Request (CSR) and enter additional domain names. The multi-domain certificate protects a certain number of domains that are included into its price.

Comodo PositiveSSL Multi Domain includes 3 domains. It means that this certificate protects 3 different domains. If you want to protect more domains, you can order them at extra charge.

The number of domain names included into the price depends on the Certification Authority. The Certification Authority also defines the number of additional domain that users can order, for example, some certificates can protect only 100 domain names. If you have more domains, you should order several multi-domain certificates.

Pass the verification process

Before you have your SSL-certificate issued, you must go through the verification process. There are three validation methods:

Email-based validation. The Certification Authority will send a verification email (also called DCV email) to the mailbox of the domain associated with the certificate. The verification email will be sent to mailboxes of EVERY domain that you added during the order. The Certification Authority will not issue the certificate if one of the domains has not been validated.

HTTP-based validation. The CSR will be hashed. The hash values are provided to you, you must create a simple plain-text file and place this in the root of your webserver. The file must be located at:

  1. http://domain.com/uppercase_MD5.txt,
  2. http://test.net/uppercase_MD5.txt,
  3. http://subdomain.example.com/uppercase_MD5.txt.

DNS-based validation. A special CNAME record must exist. This CNAME record contains the MD5 hash value of your CSR. A multi-domain certificate requires that you add the CNAME for all the domains specified in the CSR.

Issuance time

The delivery time depends on the certificate validation type.

If you order a certificate with domain validation (DV), e.g. Comodo PositiveSSL Multi Domain, it will be issued with 15 minutes.

A certificate with organization validation (OV) (GeoTrust True BusinessID Multi Domain) may be issued within 3-10 days. Make sure that the CA can validate the company name, domain name, and other information through the use of public databases.

If you order a certificate with extended validation (EV) (GeoTrust True BusinessID with EV Multi Domain), the Certification Authority will verify business related legitimate documents of the company that controls a website. Because of the strict vetting procedures, the issuance of EV certificates usually takes longer than other types of certificates (up to 14 days).

Order peculiarities

Multi-domain certificates for a domain and its subdomains (Wildcard)

Wildcard certificates secure an unlimited number of websites that are subdomains of the domain name in the certificate. E.g. Comodo PositiveSSL Multi Domain Wildcard protects the following domains and all subdomains of one of them:

  1. *.example.com (including shop.example.com, forum.example.com, docs.example.com, etc.),
  2. test.com,
  3. mail.test.com.

Please note! To order a wildcard-certificate, you need to enter a domain such as *.example.com. The certificate will secure example.com and all its subdomains of the next level, such as forum.example.com. Domains of the upper level, such as tech.forum.example.com WON’T be protected.

It’s not a common case when a company needs to secure multiple domains and subdomains at the same time. So, if you want to save your money, we recommend that you include subdomains as individual domains within a non-Wildcard SSL-certificate (Comodo PositiveSSL Multi Domain).

Multi-domain certificates for protecting WWW and non-WWW domains

If you want to protect a WWW domain and non-WWW version of the domain, you must specify both variants in the order form. The multi-domain certificate covers only those domains and subdomains that you have indicated during the order process.

Multi-domain certificates for protecting WWW and non-WWW domains

If the certificate is issued for www.domain.com, example.us, and myworld.domain.net, please note that it DOES NOT secure domain.com, www.example.us, and www.myworld.domain.net.

How to add/remove domains to your multi-domain certificate

If you indicated 3 domains when ordering the SSL-certificate, and created a new website later, you can add more domains to your multi-domain certificate any time after issuance. Simply reissue the certificate, pass the validation procedure, and replace it on all the websites it protects.

You cannot add additional domains for already issued and activated certificates or those waiting for renewal.

Please note: When you add a new domain, its validity period won’t be added to the period of the already activated certificate. For example, if you ordered a yearly multi-domain certificate on January 1, 2018 and added a new domain on May 17, 2018, the validity period won’t change. It will be January 1, 2019. You will be charged the full price of the additional domain.

The cost of Comodo multi-domain certificate includes 3 domains, Geotrust multi-domain includes 5 domains. You will see the price of an additional domain during the order process.

How to order multi-domain certificate with extended validation (EV)

Multi-domain Wildcard EV certificates do not exist.

EV SSL certificate activates highly visible indicators directly on the browser address bar, indicating the highest level of protection. The Certification Authority checks every host of the multi-domain certificate. Since Wildcard SSL certificates can secure an unlimited number of subdomains that are not shown explicitly in the order form, the CA cannot identify the organizations and issue certificates for them.

Alternatively, you can purchase a regular multi-domain certificate with extended validation or several EV certificates for every domain name.

The multi-domain SSL-certificate is a good choice for companies having a large number of web-sites. It simplifies the order and further maintenance, allowing for better prices in comparison with individual certificates.

If you have any questions about SSL-certificates, please contact our Customer care department from your Client area or write us to sales@ispsystem.com. We will be glad to choose the right solution for you!

Ksenya Fil

Head of Customer Care