Home » Blog » Security » SSL certificates that covers more than one address

SSL certificates that covers more than one address

Written by: Jon Eivind Malde

Wildcard certificate

If you have web hosting with PRO ISP it is not only the website you should consider making secure when it comes to SSL. You are most likely using email and other services you are not aware of should use SSL. This is especially important if there are many users of these services. Wildcard SSL certificates will the best choice in this case. The following addresses are useful to secure with SSL on our web hosting (in addition to the website itself):

  • webmail.exampledomain.org
    You can connect to http://webmail.exampledomain.org without any problem unsecured, but we recommend you always use https instead with the alternate address you have been given (which is a bit more difficult to remember). The benefit of SSL on webmail.exampledomain.org is that you can use this address with https and it is easier to remember for all the email users on the domain.
  • mail.exampledomain.org
    This address is used typically in email clients as host name when setting up email addresses. If you do not have a certificate on this address users will receive a warning regarding the SSL certificate not being the same as the address. The warning will not appear if you have installed a valid SSL certificate and you will avoid any confusion for the email users. Be however aware you may just as well use exampledomain.org as host name in the email client. The reason why many still use mail.exampledomain.org is probably because the address traditionally has been used for this.
  • cpanel.exampledomain.org
    This is the address you can log into cPanel with. If you do not have a certificate on this address we recommend you always use https instead for the alternative address you have been given. The benefit of SSL on cpanel.exampledomain.org is that you can use the address with https and it is easy to remember.
  • ftp.exampledomain.org
    Many people use this address for FTP (up-/downloading of files) service. Several FTP clients are now using SSL/TLS automatically and these will show a warning for the error on the certificate unless you are using your own certificate.For many of the addresses above it is not possible to install a certificate for each address. There is however a type of SSL certificate that covers most of the addresses above and that cPanel sets up to secure all the addresses with: Wildcard SSL certificate.This certificate will secure all sub domains of the domain the certificate is issued for and will in the example above be *.exampledomain.org. You will in other words be able to use it for all the addresses above, as well as other sub domains you create, for example webshop.exampledomain.org.

 

When should you consider using Wildcard SSL certificate?

We would recommend this in two cases:

  • If you have several sub domains you wish to secure, as it will be easier to operate fewer certificates, and cheaper then several certificates.
  • If you have several users for webmail, email clients, cPanel or FTP as you will not have confusing errors and you can use easier addresses to reach the services.
    Be aware there are not any Wildcard certificates for EV certificates.

Multi-domain SSL certificate

As the name indicates, multi-domain certificates can secure several addresses. Typically, it will secure a total of 3 or more addresses with the option to purchase more. The benefit of this certificate versus the wildcard certificate is that you can purchase several domains and sub domains on the same certificate. For example, you can secure the following in one certificate:

  • exampledomain.org
  • abc.proisp.no
  • proisp.eu

You can normally secure up to 100 different wildcard addresses in one certificate (even more in some cases).

When should you consider using multi-domain SSL certificate?

We would recommend this in the following cases:

The same recommendations for wildcard if there are a few sub domains to be secured.
cPanel prevents the installation of more than one certificate on domains and sub domains pointing to the same folder on the webserver. Typically, our clients have this problem when using alias domains where they would use mycompanyname.no, mycompanyname.com, mycompanyname.se all pointing to the same holder. You will then need to use a multi-domain certificate to secure these domains – if not it is only possible to secure one of them.

When you want to secure several (sub)domains with an EV certificate:
If you are in full control and have a clear overview of your domains this certificate would be practical. In many cases we however see there are issues with issuing, reissuing and renewal if you have many domains on one certificate. The reason could be errors in the information registered on one domain, a configuration that has been altered or other issues that causes delays.

Due to this we recommend you avoid use of a multi-domain certificate unless you:

  • Have full control and a good overview of the domains.
  • Do not have any problems with several addresses pointing to the same folder on the web server.
  • You don’t have many sub-domains
  • There are wildcard multi-domain SSL certificates as well!

 

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This