Do you operate multiple web sites and domains that need SSL Certificates?
SSL Certificates are essential if you operate a web site that exchanges personal information with visitors. They provide secured, encrypted communication where the visitor’s browser can verify it is connecting to your site and not some criminal that has hacked in to your site.
However, if you operate a lot of sites that require SSL Certificates it can get expensive and difficult to manage. Certificate Authorities charge annual fees for them and each certificate has an expiration date. If you have a large number you want to be sure that you do not leave any expired or revoked certificates in service. Browsers will display warnings for expired and revoked certificates that the site might not be trustworthy. That’s not the kind of messages you want your visitors to see if you value your reputation.
But there is good news!
There are two different types of SSL Certificates that could help you efficiently operate multiple sites, but you need to understand what they cover and their limitations before you decide what to use.
Wild Card SSLs for Subdomains
If you need SSL for multiple subdomains you should consider a Wildcard SSL. You can purchase one wildcard SSL that will cover a site and all its sub sites.
For example, you can apply one wildcard SSL that covers jelly.com, grape.jelley.com, strawberry.jelley.com, etc. The possibilities are literally endless!
The more subdomains that you operate the greater the benefit.
However, before you implement a wildcard SSL you need to understand two significant factors. First, wildcard SSLs are not issued with EV (Enhanced Verification). They are appropriate for many purposes on the public internet and internal intranet sites, but if you need the highest degree of assurance you need an EV Certificate.
An EV Certificate not only assures your visitors that you own the site, it assures them that you are a trustworthy business operation. This is critical for financial transactions, such as on shopping cart sites or other online payments.
SSL Certificates are essential if you operate a web site that exchanges personal information with visitors. They provide secured, encrypted communication where the visitor’s browser can verify it is connecting to your site and not some criminal that has hacked in to your site.
However, if you operate a lot of sites that require SSL Certificates it can get expensive and difficult to manage. Certificate Authorities charge annual fees for them and each certificate has an expiration date. If you have a large number you want to be sure that you do not leave any expired or revoked certificates in service. Browsers will display warnings for expired and revoked certificates that the site might not be trustworthy. That’s not the kind of messages you want your visitors to see if you value your reputation.
But there is good news!
There are two different types of SSL Certificates that could help you efficiently operate multiple sites, but you need to understand what they cover and their limitations before you decide what to use.
Wild Card SSLs for Subdomains
If you need SSL for multiple subdomains you should consider a Wildcard SSL. You can purchase one wildcard SSL that will cover a site and all its sub sites.
For example, you can apply one wildcard SSL that covers jelly.com, grape.jelley.com, strawberry.jelley.com, etc. The possibilities are literally endless!
The more subdomains that you operate the greater the benefit.
However, before you implement a wildcard SSL you need to understand two significant factors. First, wildcard SSLs are not issued with EV (Enhanced Verification). They are appropriate for many purposes on the public internet and internal intranet sites, but if you need the highest degree of assurance you need an EV Certificate.
An EV Certificate not only assures your visitors that you own the site, it assures them that you are a trustworthy business operation. This is critical for financial transactions, such as on shopping cart sites or other online payments.
Second, you should also consider that if one server or subdomain covered by the wildcard is compromised all of the others for that certificate are at risk.
The bottom line is that wildcard SSLs can be great, but make sure you use them wisely.
UC SSLs for Multiple Domains
If your organization uses an MS Exchange or Office Communications Server (OCS) environment, you can consolidate all of your certificates into a single Unified Communications (UC) SSL Certificate
UC SSL Certificates can be applied to multiple domains and host names. One UCC SSL certificate can be used for a domain and up to 99 alternate names, called Subject Alternate Names (SANs).
For example, you can protect both www.kjudge.com and www.kjudge.net with a single certificate.
A UC SSL Certificate differs from others only in that it includes a SAN field to list domains that the certificate will protect in addition to the primary domain. With Microsoft Exchange, you can easily update the SAN field to add or subtract domains.
Do you want to host multiple web sites on the same server? With a UCC SSL and SANs you can do that without having to use a unique IP Addresses for each site.
The only consideration here is that browsers display certificate information that shows the primary domain and all SANs. This is only a concern if you do not want your users to associate the sites.
Do you use Outlook Web Access?
If your operation uses Outlook Web Access (OWA) it is critical that all of your Exchange domains be protected by an SSL certificate. Otherwise, any sniffer could pick up userid and passwords and compromise your corporate communications.
UC SSL is an efficient way to cover all of your Exchange domains. Any additional costs from using SSL Certificates are nothing compared to the potential damage from a breach of your email system.
The bottom line is that wildcard SSLs can be great, but make sure you use them wisely.
UC SSLs for Multiple Domains
If your organization uses an MS Exchange or Office Communications Server (OCS) environment, you can consolidate all of your certificates into a single Unified Communications (UC) SSL Certificate
UC SSL Certificates can be applied to multiple domains and host names. One UCC SSL certificate can be used for a domain and up to 99 alternate names, called Subject Alternate Names (SANs).
For example, you can protect both www.kjudge.com and www.kjudge.net with a single certificate.
A UC SSL Certificate differs from others only in that it includes a SAN field to list domains that the certificate will protect in addition to the primary domain. With Microsoft Exchange, you can easily update the SAN field to add or subtract domains.
Do you want to host multiple web sites on the same server? With a UCC SSL and SANs you can do that without having to use a unique IP Addresses for each site.
The only consideration here is that browsers display certificate information that shows the primary domain and all SANs. This is only a concern if you do not want your users to associate the sites.
Do you use Outlook Web Access?
If your operation uses Outlook Web Access (OWA) it is critical that all of your Exchange domains be protected by an SSL certificate. Otherwise, any sniffer could pick up userid and passwords and compromise your corporate communications.
UC SSL is an efficient way to cover all of your Exchange domains. Any additional costs from using SSL Certificates are nothing compared to the potential damage from a breach of your email system.
In-depth over of SSL certificate securities. It will aid to web users who exactly wants a basic comparison of SSL certificate securities. I would like to recommend your post for comparison of SSL certificate products. Thanks for sharing with us.
ReplyDeleteWildCard SSL | SAN Certificate
hey guys good article thank you for sharing..
ReplyDelete