Difference Between Wildcard SSL and SAN SSL Certificates
SSL certificates are terrific at blocking out eavesdroppers and miscreants trying to wreak havoc in the virtual world. These negative elements have stolen over a trillion dollars from the global economy and show no stopping.
Since most attacks occur when the data is transmitted from one device to another, proponents of cybersecurity encourage the use of SSL certificates. These work by triggering encryption and making the in-transit data illegible to unauthorized interceptors.
However, a particular SSL can extend encryption only to a particular portion of the website, depending on the type you choose. Although there are many types, the two that influence encryption coverage are the Wildcard Certificate and the Subject Alternate Name (SAN) SSL certificate.
- Understanding a Wildcard SSL Certificate
A Wildcard SSL certificate encrypts the primary domain and its subdomains on the first level. It gets its name from the Wildcard character, an asterisk used to define subdomains during the CSR key generation process. This is done by including the wildcard character before the domain name (*.DomainName.com). Once the Wildcard SSL is issued, it encrypts existing subdomains and also the ones created later on.
Confused? In the internet landscape, some domains and subdomains need to be encrypted using an appropriate SSL Certificate. While domains are standalone names like www.msn.com or www.cnbc.com, subdomains are offshoots of a particular primary domain. For instance, news.msn.com, payment.amazon.com or login.cnbc.com, and so on. These are first-level subdomains and can be encrypted using a Wildcard SSL. Second level subdomains would be visa.payment.amazon.com or login.mobile.cnbc.com, which, as you may have noticed, are on a different level.
Now imagine having a website with ten subdomains. In this case, you would have to install a total of eleven standard or domain validated SSL certificates — one for the primary domain and one each for the ten subdomains. This can be overwhelming for the website owner because each SSL needs to be individually installed and tracked for expiry, renewed, and maintained.
This can be done through a single Wildcard SSL certificate which is often available as an Organization Validated (OV) Wildcard SSL certificate. While the Wildcard feature encrypts all the primary domain subdomains, the superior validation brings along a priceless trust seal.
- Benefits of Wildcard SSL
- Encrypts multiple subdomains of a specific primary domain.
- No need to install an SSL every time you create a new subdomain.
- Cheaper than installing multiple SSL certificates on your website.
- Convenient to manage.
- When to Use Wildcard SSL
You can choose a wildcard SSL if your website uses multiple subdomains or intends to do so soon.
Businesses requiring superior validation may opt for an OV SSL with the Wildcard feature. It gives them the two-fold benefit of organization validation and wider encryption.
E-commerce websites and other sites accepting online payments usually do so through a separate subdomain and therefore use the Wildcard SSL.
Subscription-based websites that require authentication usually have a separate ‘login’ subdomain through which they authenticate users. Then again, they have one for payments. It only makes sense for such sites to opt for a single Wildcard SSL certificate.
- Understanding a SAN SSL Certificate
A SAN SSL certificate, sometimes referred to as a Unified Communications Certificate (UCC) or a multi-domain SSL certificate, lets the user encrypt multiple primary domains with a single SSL. It is ideal for businesses that own multiple websites such as affiliate marketing, e-commerce, etc. Usually, these are available as Extended Validation (EV) SSL certificates which offer the highest level of validation and eliminate the hassles of repeatedly having your websites validated.
Apart from multiple primary domains, you can also secure subdomains, IP Addresses, local hostnames, and mail servers. The amazing thing about SAN SSL is that you can encrypt all of this with a single digital certificate which helps you save money and reduces the time spent on validation. Each SAN SSL comes with a maximum limit of domains, hostnames, IPs, or mail servers that can be encrypted with it. So, make it a point to read through that before finalizing one.
- Benefits of SAN SSL
- You can use it to encrypt multiple domains and subdomains.
- A SAN SSL can also encrypt hostnames, IPs, and mail servers.
- You can encrypt FQDNs or subdomains with it.
- A single SAN SSL can encrypt domains, subdomains, hostnames, IPs, and mail servers
- When to Use SAN SSL?
- Affiliate marketers and e-commerce businesses must opt for a SAN SSL.
- Businesses with a global footprint and multiple country-specific domain extensions can benefit from a SAN SSL.
- Websites using subdomains at multiple levels can use SAN SSL to define and encrypt each level.
- The SAN SSL is the perfect choice for Application Service Providers as they can offer services to multiple clients, with each using a distinct domain name. All the domain names can then be secured using the same SSL certificate.
- Wildcard SSL vs SAN SSL
Wildcard SSL certificates are only suitable for businesses having a single website with multiple single-level subdomains. It is recommended that you opt for a SAN SSL and define the FQDN or subdomain for everything else.
A point to note is that the SAN SSL is slightly more expensive than the Wildcard SSL but makes up for the difference by letting users encrypt IPs, hostnames, etc.
Speaking of validation, we already mentioned that the Wildcard SSL usually comes with the OV feature, while the SAN SSL comes with the EV validation. The EV validation is far more comprehensive than the OV and usually takes longer.
Final Takeaway
As discussed, both Wildcard and SAN SSL certificates have unique features, making them useful in different scenarios. So, before buying one, make it a point to evaluate your requirements carefully. You don’t want to end up with an unencrypted subdomain that compromises your website’s security or an SSL certificate that does not encrypt communication from your mail server.