Multi-Domain SSL Certificate
A Multi-Domain SSL certificate secures multiple domains with one SSL certificate. It allows you to secure different domain names like example1.com, example2.com, example3.net, etc. under a single SSL certificate.
With a traditional single domain SSL certificate, you need to purchase separate SSL certificates for each domain you want to secure. A multi-domain certificate eliminates the need for multiple certificates and lets you secure multiple domains with a single certificate.
What is Multi-Domain SSL Certificate?
A multi-domain SSL certificate is a type of SSL certificate that allows securing multiple domains under a single certificate. Unlike traditional single domain certificates that only secure one fully qualified domain name, a multi-domain certificate can protect several different domains at once.
With a multi-domain certificate, you can add up to 250 domain names to the Subject Alternative Name (SAN) field of the certificate. The domains can be entirely different domains that are not related to each other. For example, you can secure example1.com, example2.net, example3.org, etc. on the same multi-domain certificate.
The main benefits of using a multi-domain SSL certificate are cost savings, simplified management, and better user experience. You only need to purchase one certificate instead of multiple ones, reducing costs. Certificate management is easier with one certificate to install and renew versus individual certificates. Users also get seamless HTTPS access to all domains on the certificate without any browser warnings.
How Does a Multi-Domain SSL Certificate Work?
A multi-domain certificate works by containing Subject Alternative Names (SANs) that match multiple domain names you want to secure.
Here’s a quick overview of how a multi-domain SSL certificate works:
- The certificate contains the primary common name (CN) which matches the main domain, like example.com.
- In addition to the CN, the certificate includes Subject Alternative Names (SANs) specifying additional domains like example1.com, example2.org, etc.
- The certificate is installed on a web server and secures all the domains listed as CN and SANs.
- When visitors access any of the domains, the browser recognizes that the certificate applies to that domain and shows the padlock.
Benefits of Using a Multi-Domain SSL Certificate
Multi-domain SSL certificates provide several advantages over traditional single domain certificates:
1. Cost Saving
The biggest benefit of a multi-domain SSL is the cost saving compared to buying multiple SSL certificates.
For example, a single domain cert like example.com may cost $60 per year. A wildcard certificate for *.example.com may cost $150 per year.
A multi-domain cert securing 5 domains example1.com, example2.com, etc. may cost just $250 per year.
So multi-domain certs provide significant savings compared to multiple single certs for every domain.
2. Easier Management
With a multi-domain cert, you just have one certificate to manage rather than keeping track of multiple single certs.
Installation, renewals and management is simplified with a single multi-domain certificate versus multiple individual certificates.
3. Better Security
Multi-domain certificates use stronger 2048-bit or higher encryption strength. Single domain certificates may still use weaker 1024-bit encryption.
Also, you get the benefit of more advanced security like HTTP Strict Transport Security (HSTS), Certificate Transparency (CT) etc. with a single multi-domain cert.
4. Universal Compatibility
Multi-domain certificates work with all major browsers and devices. You don’t have to worry about compatibility issues.
The certificate secures website as well as supporting HTTPS connection for email, FTP or other services used across the covered domains.
Limitations of Multi-Domain SSL Certificate
While multi-domain certificates provide an efficient way to secure multiple domains, some limitations to be aware of:
- No subdomains – Multi-domain certificates only cover additional registered domains, not subdomains. For subdomains, a wildcard cert is needed.
- Domain limit – Each SSL brand has a limit on number of domains per cert, usually max 250 domains. You may need multiple certs for very large number of domains.
- Issuer name – All the domains secured will show the same issuer name. This may not suit if you want domains to show up distinctly.
- Documentation – Multi-domain certs may need more extensive domain ownership documentation for security purposes.
The Best Certificate Authorities Offer Multi-Domain SSL Certificates
| Product Features | Sectigo PositiveSSL Multi-Domain | Multi-Domain UCC/SAN SSL | DigiCert Multi-Domain SSL | Comodo Multi-Domain SSL |
|---|---|---|---|---|
| Certificate Authority |  Sectigo  |
 SSL.com |
 DigiCert |
 Comodo |
| Multiple Domain Names | Multiple Domain Names | Multiple Domain Names | Multiple Domain Names | |
| $25.60/yrView Pricing | $141.60/yearView Pricing | $651.22/yr.View Pricing | $116.82/yrView Pricing | |
| Single Domain Name + 2 Different SAN Included | Single Domain Name + 3 Different SAN Included | Single Domain Name + 3 Different SAN Included | Single Domain Name + 3 Different SAN Included | |
 |
|
|
|
|
| Domain | Organization | Organization | Organization | |
 |
|
|
|
|
| Minutes | 5 Minutes | Minutes | 1-3 Days | |
| up to 256-bit | up to 256-bit | up to 256-bit | up to 256-bit | |
| 2048 bits | 2048 bits | 2048 bits | 2048 bits | |
| Medium | High | Medium | High | |
| Unlimited | Unlimited | Unlimited | Unlimited | |
 |
 |
 |
 |
|
|
|
|
|
|
| $50,000 | $1,250,000 | $1,000,000 | $250,000 | |
| 30 days | 30-Day | 30 days | 30 days | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 99% | 99% | 99% | 99% | |
|
|
|
|
|
|
|
|
|
|
| 24/7 Live Chat | 24/7 Live Chat | 24/7 Live Chat | 24/7 Live Chat | |
How to Install Multi-Domain Certificate
Installing a multi-domain SSL certificate is similar to installing a regular single domain SSL certificate:
Step 1 – Generate a CSR
The first step is to generate a Certificate Signing Request (CSR) on your web server.
The CSR must contain the primary domain as Common Name (CN) along with Subject Alternative Names (SANs) for additional domains.
For example a CSR for 2 domains may look like:
Common Name: example.com
Subject Alternative Names: example.org
Step 2 – Purchase the Certificate
Once you have the CSR, purchase a multi-domain certificate from any SSL provider.
Submit the CSR while placing the order. The SSL provider will verify the domains in CSR.
Step 3 – Install the Certificate
After purchase, you will get the SSL certificate files from SSL provider. Install these certificate files on your web server to complete the setup.
The process of CSR generation and certificate installation is same as installing any single domain SSL certificate.
How to Renew Multi-Domain SSL Certificate
A multi-domain SSL certificate needs to be renewed every 1-3 years before it expires. The renewal process is straightforward:
- First, generate a fresh CSR with the same domains as before.
- Next, purchase a renewal certificate from the SSL provider using the new CSR. Most providers offer significant discounts on renewal certificates.
- Finally, install the renewed certificate files on your web server.
The renewed multi-domain certificate will have a new validity period of 1-3 years depending on the issue date.
Some key points to note about renewals:
- Generate a new CSR, do not reuse the old CSR. This ensures you get an updated certificate.
- Renew a few weeks before the certificate expiration date to avoid any downtime.
- You cannot renew a wildcard certificate with a multi-domain certificate or vice versa directly. You will have to revoke the old cert and get issued a new one.
- If any domain names have changed, you can remove old domains and add new ones at the time of renewal.
- Install the renewed certificate promptly before expiry to maintain uninterrupted HTTPS protection.
- Set a calendar reminder for the renewal date to ensure you renew on time.
Revoking a Multi-Domain SSL Certificate
In certain situations like a security compromise, you may need to revoke and invalidate a multi-domain SSL certificate.
How to Revoke a Certificate
- First, contact the SSL provider’s support and request certificate revocation.
- The SSL provider will revoke the certificate which will add the cert to certificate revocation lists (CRLs).
- Browsers and devices check the CRL and will no longer trust the revoked SSL certificate.
- Finally, generate and install a new replacement certificate to restore security.
Key Reasons for Revocation
- Private key is compromised due to security breach.
- Domain name ownership changes and should not be secured by existing certificate.
- Certificate was issued with inaccurate or wrong information.
- You need to replace the existing certificate with an updated one.
FAQs on Multi-Domain SSL Certificate
What is the difference between a multi-domain certificate and wildcard certificate?
A multi-domain certificate secures additional registered domain names example1.com, example2.net etc. A wildcard certificate secures subdomains like *.example.com. Multi-domain certs don’t secure unlimited numbers of subdomains.
How many domains can be added to a multi-domain certificate?
The maximum number of domains depends on the SSL brand, but is typically between 3 to 250 domains per certificate.
Can I use a multi-domain SSL certificate with CDN and load balancers?
Yes, a multi-domain certificate will work seamlessly with content delivery networks, proxy servers and load balancers.
Can I get a refund or reissue on a multi-domain certificate?
Yes, Most SSL providers offer 30-day refund policy on SSL certificates.
How is root CA different for a multi-domain vs single domain certificate?
The root CA will be the same as it depends on the SSL brand. Multi-domain certificates do not have a different root CA than a single domain cert from the same provider.