Guide to Multi-Domain (UCC/SAN) Certificates

Guide to Multi-Domain (UCC/SAN) Certificates

Samantha Clark

A Multi-Domain SSL Certificate secures several different domain names with one SSL Certificate. It is also called a Unified Communications Certificate (UCC) or a Subject Alternative Name (SAN) SSL Certificate, and all three names describe the same product.

For an organization running many sites, this replaces a drawer full of single-name SSL Certificates with one SSL Certificate to order, validate, and install. Learn About the Subject Alternative Name (SAN) Field 🔗

Understanding Multi-Domain SSL Certificates

A Multi-Domain SSL Certificate uses the Subject Alternative Name (SAN) field to list every name it protects. Each entry in that field is a separate domain or subdomain, and the SSL Certificate is valid for all of them.

The names can span different domains rather than just subdomains of one domain. A single SSL Certificate might cover example.com, example.net, and mail.example.org side by side.

The maximum number of names depends on the specific SSL Certificate, and names are usually added in fixed blocks. List the names you know you need before ordering, and you can add more later if your needs grow.

Benefits and Applications

The first benefit is cost. One Multi-Domain SSL Certificate is cheaper than buying a separate SSL Certificate for every name, and the cost per name usually falls as more names are added.

The second is simpler management. One SSL Certificate means one validity period, one installation, and one expiry date to track, rather than a spread of separate SSL Certificates lapsing on different days.

The product suits businesses running several related sites, along with messaging and collaboration servers that present multiple host names. Securing those names on one SSL Certificate keeps coverage consistent across the whole estate.

Ordering and Validation

Ordering follows the same path as any SSL Certificate, with one addition. Generate a single Certificate Signing Request (CSR) for the primary name, then list every additional name during the order so each one is written into the Subject Alternative Name (SAN) field.

The primary name sits in the Common Name (CN) field, and the remaining names become Subject Alternative Name (SAN) entries. Each name must pass Domain Control Validation (DCV) before the Certificate Authority (CA) issues the SSL Certificate. Learn About Domain Control Validation (DCV) 🔗

Validation levels apply as they do to any SSL Certificate. Domain Validation (DV) issues quickly, while Organization Validation (OV) and Extended Validation (EV) add checks of the business behind the names. Learn About Extended Validation (EV) SSL Certificates 🔗

Adding Names Later

You do not have to plan for every future name. To cover an extra name after the SSL Certificate is issued, order an additional Subject Alternative Name (SAN) for your existing Multi-Domain SSL Certificate, and Trustico® adds the new name to it.

An additional Subject Alternative Name (SAN) is priced annually and automatically pro-rated to the validity left on your SSL Certificate license, so the new name shares the same expiry date as the rest. Check your remaining validity before ordering so the dates stay aligned. Explore the Trustico® Multi-Domain Range 🔗

Adding a name is separate from reissuing. A reissue produces a fresh copy of the same SSL Certificate with the same names, used after a Private Key change or to claim validity from a multi-year license. Learn About the Reissue Process 🔗

Technical Notes

A Multi-Domain SSL Certificate uses the same strong encryption as any modern SSL Certificate and is trusted by all mainstream browsers and operating systems. The Subject Alternative Name (SAN) field is a standard part of the X.509 SSL Certificate format, so support is broad.

Keep accurate Domain Name System (DNS) records for every name on the SSL Certificate, because validation and everyday access both depend on them. Where you mainly need many subdomains of a single domain, a Wildcard SSL Certificate can be the simpler choice. Compare Wildcard SSL Certificates 🔗

Keeping Coverage Current

Track the expiry date of the SSL Certificate so a replacement is in place before it lapses. Because every name shares one expiry, a single reminder covers the whole SSL Certificate rather than many separate dates.

Keep a written list of the names the SSL Certificate covers and review it whenever sites are added or retired. When a new site needs coverage, add it as an additional Subject Alternative Name (SAN) so it shares the existing expiry date.

Back to Blog

Most Popular Questions

Frequently asked questions covering Multi-Domain SSL Certificates, the names they secure, ordering and validation, and how they compare with Wildcard SSL Certificates.

What Does a Multi-Domain SSL Certificate Secure?

A Multi-Domain SSL Certificate secures several different domains and subdomains with one SSL Certificate. It is also called a Unified Communications Certificate (UCC) or a Subject Alternative Name (SAN) SSL Certificate, and the three names describe the same product.

Which Names Can a Multi-Domain SSL Certificate Cover?

A Multi-Domain SSL Certificate can cover names across different domains, such as example.com, example.net, and mail.example.org, not just subdomains of one domain. Each name is listed as a separate entry in the Subject Alternative Name (SAN) field.

How Many Names Can a Multi-Domain SSL Certificate Hold?

The maximum number of names depends on the specific SSL Certificate, and names are usually added in fixed blocks. List the names you know you need before ordering, and you can add more later as additional Subject Alternative Name (SAN) entries if your needs grow.

What Cost and Management Advantages Apply?

One Multi-Domain SSL Certificate costs less than separate SSL Certificates for each name, and the cost per name usually falls as names are added. It also leaves one validity period and one expiry date to track rather than many.

How Does Someone Order a Multi-Domain SSL Certificate?

Generate one Certificate Signing Request (CSR) for the primary name and list every additional name during the order. The primary name becomes the Common Name (CN), and the rest are written into the Subject Alternative Name (SAN) field.

Which Validation Levels Are Available?

A Multi-Domain SSL Certificate is offered at the Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) levels. Each name must pass Domain Control Validation (DCV) before the Certificate Authority (CA) issues the SSL Certificate.

How Can Someone Add a Name Later?

To cover an extra name, order an additional Subject Alternative Name (SAN) for your existing Multi-Domain SSL Certificate, and Trustico® adds it. The cost is pro-rated to the validity remaining on your SSL Certificate license, so the new name shares the same expiry date.

How Does Multi-Domain Compare with Wildcard Coverage?

A Multi-Domain SSL Certificate lists each name individually, which suits separate domains. A Wildcard SSL Certificate covers every first-level subdomain of one domain with a single asterisk entry, so it can be simpler where the names are all subdomains.

What Encryption and Browser Support Apply?

A Multi-Domain SSL Certificate uses the same strong encryption as any modern SSL Certificate and is trusted across mainstream browsers and operating systems. The Subject Alternative Name (SAN) field is a standard part of the X.509 SSL Certificate format.

How Should Someone Keep Coverage Current?

Track the single expiry date so a replacement SSL Certificate is in place before it lapses. Keep a written list of the covered names, and add new names as additional Subject Alternative Name (SAN) entries when sites are added.

Stay Updated - Our RSS Feed

There's never a reason to miss a post! Subscribe to our Atom/RSS feed and get instant notifications when we publish new articles about SSL Certificates, security updates, and news. Use your favorite RSS reader or news aggregator.

Subscribe via RSS/Atom