Tuesday, 7 June 2011

UCC SSL: If You Need SSL on Many different Domains

This means that buying an SSL Certificate for example dot com will not give you SSL security for anotherdomain dot com or secure.example dot com. 

Got multiple subdomains needing SSL security? 

Wildcard SSL is your best option. This solution isn't enough for those who need SSL on multiple domains. What about them? Unified Communications Certificate (UCC) SSL is the answer.

Know the Difference between Wildcard and UCC SSL

A Wildcard in the certificate's Common Name lets one certificate be used on different subdomains. For instance, the Common Name *.example dot com enables you use one wildcard certificate for www.example dot com, work.example dot com, or settings.example dot com, but not on, anothername dot com, or shop.anothername dot com. 

The good thing is that UCC SSL will function just fine in the final example. UCC SSL, instead of using the Common Name field, uses the Subject Alternative Name (SAN) field on the certificate. The SAN let you add more domains that will use one UCC SSL certificate. Only one UCC SSL certificate will be enough for example dot com, secure. Example dot com, another name dot com,, and one more dot com. Depending on your deal with the certificate provider, you are allowed to add a specific number of domains or subdomains on the certificate.

Benefits to UCC SSL

The most obvious benefit to using UCC SSL Certificates is to cut costs. If you only use a few domains, you may be fine with typical SSL certificates that cost about $150 each. But once you need five domains, you will need to come up with $750. Think how much you can save on 3 domain names when UCC SSL costs only $300 each.

Sometimes, you can get additional domains on the same certificate at $40 each. Some providers will even let you add a limited number of subdomains on the UCC SSL certificate at no charge as a bonus.

UCC SSL is good for another reason, and that's manageability. Most people will cringe at the thought of having to purchase, set up, and then renew annually several SSL certificates. It's a difficult task to whoever is supposed to manage them. Errors can be easily made when managing a number of certificates. Delays from fixing errors will cost you time and money. Just think about how that compares to worrying about just a single UCC SSL certificate. It's a whole lot easier to manage a single certificate. Errors are easily minimized.

Unlike with Wildcard Certificates, UCC SSL certificates may be used with Extended Verification (EV). In other words, visitors that view the SSL secured pages of your website will see a greed address bar on their browser. This will enhance the confidence of customers or clients when they use your website.

Are There Any Drawbacks?

Using UCC certificates does have some drawbacks. Security is the first that comes to mind. Only one private decryption key is used by all the servers that use a single UCC SSL certificate. Several servers usually host multiple domains. This means that if someone manages to compromise one of your servers and retrieve the decryption key, every on every server that uses the same certificate is also compromised.

If, for some reason, your UCC SSLCertificate is revoked, all domains will not work. That basically means that you have to close your website until you either get a new UCC certificate, or get a certificate for every single domain on your site.

No comments:

Post a Comment