Multi Domain certificate
With a Multi Domain Certificate it's possible to secure multiple domain names and subdomains in one certificate. This type of certificate is also known as an SAN- or UCC (Unified Communications Certificate) certificate.
Requesting a Multi Domain Certificate
Multi Domain certificates are available on all the validation levels. If you want to secure multiple subdomains with a clearly visible company name a Multi Domain certificate is required, because Wildcard certificates with Extended Validation aren't available.
Visible company data
With company data
Without company data
SAN SSL Certificate
SAN stands for Subject Alternative Name. A Single Domain certificate contains one domain that's added in the CN (Common Name). A SAN certificate contains, in addition to the CN, multiple SAN fields in which (sub)domains can be added. See the image below.
Unified Communications Certificate
Because the ability to contain multiple domains, this certificate meets the requirements of the Unified Communications Certificate (UCC). This is needed to secure Microsoft Exchange with the autodiscover and webmail (sub)domain.
MDC with Wildcard
It's possible to add a wildcard domain to a Sectigo (Comodo) Multi Domain UCC and in Sectigo Postive SSL MDC Certificates. This can be useful if you want to secure subdomains of one domain, together with other domains in one certificate. The costs for a Wildcard domain will be invoiced in stead of the Single domain.
Subject Alternative Names
The amount of SAN's that can be added varies by brand:
- Sectigo has a minimum of 2 and a maximum of 210 SAN's.
- Thawte and DigiCert have a minimum of 1 and a maximum of 25 SAN's.
- Geotrust and GlobalSign have a minimum of 1 and a maximum of 100 SAN's.
Because a large amount of SAN's in one certificate may cause a higher loading time on for example mobile devices, we advice you to add a maximum of 50 SAN's per certificate.
In the certificate the SAN's can be found (depending on the browser) in the 'Subject Alternative Name' field. The Common Name (CN) will be added in the SAN field as well.
Requesting a Multi Domain Certificate
Please note the following for requesting an MDC:
- Add one domain as Common Name when generating the CSR. The other domains can be added as SAN's in the CSR. It also possible to fill in the SAN's when requesting the certificate on our website.
- When requesting a Sectigo (Comodo) Multi Domain certificate the domain validation takes place for every domain. When choosing a record -or CNAME validation, every subdomain will be checked individually.
- It's not possible to use a Wildcard domain as Common Name. Wildcards can only be added as a SAN.
Expanding a Multi Domain Certificate
You can add additional domain names to a SAN certificate by requesting a reissue. A reissue can be requested via the control panel. We recommend to use a new CSR each time. After the validation succeeded, a new certificate will be issued. The expiration date remains unchanged. When requesting the reissue all existing AND all extra domains need to be added to the request. You'll only be invoiced for the domains added extra.
Note: If the Private Key remains the same while expanding your Multi Domain certificate, it's not necessary to validate the existing domains. Only for the domain names added, domain validation is necessary. However, we recommend using a new CSR (with a new Private Key). If using a new CSR (with a new Private Key), domain validation is required again for all domains.
Limitations Multi Domain Certificates
- All domain names for which the certificate is valid will be added in the certificate. Visitors are able to see which other websites are secured with this certificate, when consulting the certificate.
- All domains need to have the same owner; there can only be one organisation name included in the certificate. The only exception is the Sectigo PostiveSSL MDC in which multiple domains with different owners can be added.
- Single Domain Certificates are valid for the www and non www domain. The MDC is NOT automatically valid for both. Both domains need to be added separately to the certificate. Only multidomain certificates from Geotrust and GlobalSign that are requested for the main domain (common name) with www, add the domain without www for free.