
Wildcard SSL vs Multi-domain vs multiple single certs

@Frith620

Posted in: #SecurityCertificate

Suppose I want to buy SSL certs for a domain, say xyzzy.com and three sub-domains (www.xyzzy.com, smtp. and mail. for example). There seem to be several options: multiple single-server certs, a "multi-domain" cert or a "wildcard" cert. This question has to do with technical reasons for choosing one type of cert over another.

Currently the reseller I'm considering (NameCheap->Comodo PositiveSSL) prices certificates as follows (annual cost):

Single server 9.00
Multi-domain 29.00
Wildcard 94.00


So for a total of 4 names it would seem a multi-domain cert would be the minimum cost, and for fewer than 4 I should just buy single-server certs.

Note that this is not for e-commerce or personal information, so extensive verification is not needed.

Is there any technical reason for choosing something other than the lowest cost alternative?

10.03% popularity

3 Comments


@Shanna517

It seems that no one has mentioned the multi-domain and wildcard SSL certificate combination in the answers here. Many third-party Certificate Authorities now offer this type of certificate, known as Multi Domain Wildcard SSL, which helps to protect multiple fully qualified domain names and unlimited subdomains on multiple servers.

This Multi Domain Wildcard SSL certificate comes with premium layers of security such as unlimited server licenses, 256-bit SSL encryption, dynamic trust seal, 99% mobile and web browser compatibility and much more.

10% popularity

@Shakeerah822

Using multiple certificates makes recovery easier in the event of a compromise of your private key. If you have multiple subdomains across several servers sharing the same certificate (and private key) then all the traffic on all machines is instantly vulnerable once any machine is compromised. It's the 'all your eggs in one basket' problem.

Another thing to consider is whether you plan to use something like AWS's CloudFront CDN mapped to your own subdomain, which means that you now have to share your private key with AWS to enable it. Using unique certs means AWS only sees the private key unique to one subdomain.

These are more security than technical issues, so you have to weigh how much time it would take to swap certificates across however many subdomains you plan to use. If you only use a few, the difference is tiny (but then so is the price difference). If you plan to use many, the price difference is greater and so is the time spent updating that many more machines or services.

One last note, at time of posting this answer the new Certificate Authority Let's Encrypt will be launching in just under a month, in mid-November 2015, and this will make it possible to generate free certificates. They do not support wildcard certificates (for the reasons outlined above) but if you can wait a few more weeks the pricing becomes a non-issue.

10% popularity
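
Added example (not part of the original thread): a small Python sketch of the shared-key concern raised in @Shakeerah822's answer. It computes which hostnames are exposed when the key material on one server leaks, for each of the three purchase options in the question. The two-server layout, the future name shop.xyzzy.com, and the wildcard cert also listing the bare domain are assumptions.

```python
# Hostnames come from the question; the two-server layout is an assumption.
SERVERS = {
    "web": ["xyzzy.com", "www.xyzzy.com"],
    "mail": ["smtp.xyzzy.com", "mail.xyzzy.com"],
}
ALL_NAMES = [n for names in SERVERS.values() for n in names]
CANDIDATES = ALL_NAMES + ["shop.xyzzy.com"]  # constructed future hostname


def san_matches(pattern, host):
    """RFC 6125-style match: '*' stands for the whole left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False  # '*.xyzzy.com' covers neither 'xyzzy.com' nor 'a.b.xyzzy.com'
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def plan_single():
    # One cert (and key) per hostname, installed only on the server using it.
    return {srv: [[n] for n in names] for srv, names in SERVERS.items()}


def plan_multi():
    # One multi-domain cert listing all four names, copied to every server.
    return {srv: [list(ALL_NAMES)] for srv in SERVERS}


def plan_wildcard():
    # One wildcard cert on every server; assumes the bare domain is also a SAN.
    return {srv: [["xyzzy.com", "*.xyzzy.com"]] for srv in SERVERS}


def exposed(plan, compromised, candidates=CANDIDATES):
    """Hostnames covered by the keys stored on the compromised server."""
    sans = [s for cert in plan[compromised] for s in cert]
    return sorted(h for h in candidates if any(san_matches(s, h) for s in sans))


if __name__ == "__main__":
    plans = [("single", plan_single()), ("multi-domain", plan_multi()),
             ("wildcard", plan_wildcard())]
    for label, plan in plans:
        print(f"{label:13} mail server key leaked -> {exposed(plan, 'mail')}")
```

With single certs only the two mail names need reissuing; with the multi-domain cert all four do; with the wildcard the leaked key also covers names that have not been deployed yet.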


 

@Kristi941

From my personal experience, it depends on whether your site/project will need some extra domains in the short term.
A wildcard cert will cover all the subdomains, so if your site grows bigger it should end up being the most cost-effective solution.

10% popularity