Does each domain need its own SSL certificate?
The integration of an SSL certificate is an effective method to encrypt the data traffic of a website. A single certificate is usually issued for a specific domain or IP address. If multiple web projects are managed with different IPs, a Multi-Domain SSL certificate is recommended to save costs and maintenance efforts.
The following article shows how to protect multiple domains with a single SSL certificate.
How an SSL certificate works
To install an SSL certificate on a server, the website owner must first submit a Certificate Signing Request (CSR). This is a small text file containing the public key and specific data about the domain to be encrypted and its owner.
The website operator sends the CSR to a Certification Authority (CA) to apply for an SSL certificate for the registered domain. The CA verifies the applicant's identity and issues the SSL certificate if the data is correct. Once the applicant has installed the certificate on their server, encryption is active for the respective domain.
If multiple websites are maintained, this process would need to be repeated for each individual domain certificate. To avoid significant effort and potentially high costs, multiple domains can be secured with a single Multi-Domain certificate. Various options are available for this purpose.
Securing Multiple Subdomains with One SSL Certificate
As shown above, an SSL certificate is issued for a Fully Qualified Domain Name (FQDN).
This means that the domain name is fully listed in the certificate. In a single-domain certificate, the URL has this form:
www.exampledomain.com
With a Wildcard certificate, an unlimited number of subdomains can be encrypted. The domain name is then entered as follows:
*.exampledomain.com
The "*" stands for any third-level domain name. The certificate's encryption is automatically active for every such subdomain, and no further manual entries are required.
Securing Multiple FQDNs with One SSL Certificate
UCC Certificates
UCC stands for Unified Communications Certificates. These certificates allow for encrypting a variety of domain names within a second-level domain.
Therefore, multiple domain names such as
- www.exampledomain.com
- www.exampledomain.net
- shop.exampledomain.com
- en.exampledomain.com
can be listed in the CSR. Based on this, the CA issues a single certificate for all relevant internet addresses. A UCC is well suited for shared hosting. If the websites are hosted on multiple servers, the certificate must be installed on each relevant piece of hardware.
SAN Certificates
If multiple standalone domains need to be secured with one certificate, SAN certificates are the best solution.
SAN stands for Subject Alternative Names. When a CSR includes SAN, an infinite number of different domain names can be listed. The certificate issued by the CA must be installed on the respective servers to activate encryption.
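The coverage described above for Wildcard and multi-name (UCC/SAN) certificates, as an added example that is not part of the original article: a Python check of which hostnames a certificate's name list actually covers. The function names and the name lists are assumptions built from the article's example domains; matching follows the usual RFC 6125 convention that "*" stands for exactly one left-most label, plus a conservative rule (an assumption of this example) that a wildcard needs at least two fixed labels.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A name entry never spans a different number of labels than the hostname.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        rest = p_labels[1:]
        # "*" replaces exactly one label; "*.com" or "*.*.com" is rejected.
        return (len(rest) >= 2
                and not any("*" in label for label in rest)
                and rest == h_labels[1:])
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are not honoured
    return p_labels == h_labels


def covered_by(san_entries, hostname):
    """Return the entries that cover the hostname (empty list = not covered)."""
    return [e for e in san_entries if name_matches(e, hostname)]


def coverage_report(san_entries, hostnames):
    """Map each hostname to True/False depending on certificate coverage."""
    return {h: bool(covered_by(san_entries, h)) for h in hostnames}


# Constructed name lists using the article's example domains.
WILDCARD_CERT = ["*.exampledomain.com"]
MULTI_DOMAIN_CERT = ["www.exampledomain.com", "www.exampledomain.net",
                     "shop.exampledomain.com", "en.exampledomain.com"]

if __name__ == "__main__":
    hosts = ["shop.exampledomain.com",      # third-level name
             "exampledomain.com",           # bare second-level domain
             "a.shop.exampledomain.com",    # fourth-level name
             "www.exampledomain.net",       # different top-level domain
             "mail.exampledomain.com"]      # not listed by name anywhere
    for title, cert in (("wildcard", WILDCARD_CERT),
                        ("multi-domain", MULTI_DOMAIN_CERT)):
        print(title)
        for host, ok in coverage_report(cert, hosts).items():
            print(f"  {host:28} {'covered' if ok else 'NOT covered'}")
```

The wildcard entry covers neither the bare domain nor names more than one level below it, so those hostnames need their own entries in the certificate.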
Pros and Cons of Multi-Domain Certificates
The advantages of encrypting multiple websites with a single SSL certificate are primarily seen in significant cost reduction and reduced administrative and maintenance effort.
On the other hand, website owners must be aware that a Multi-Domain certificate lists all of the domains it covers. Through the SSL certificate, visitors to one site can therefore see which other domains the operator owns. Those who do not want this should refrain from using such SSL encryption solutions.