How to protect everything with just one SSL certificate

Today there is an agromnous number of different SSL certificates, but can a single certificate provide almost all of your needs? It turns out, yes! And it is very rare, only a few are aware of the existence of such a product as a Multi-Domain Certificate with support for an unlimited number of subdomains (Multi-Domain Wildcard SSL Certificate). But let's get everything in order.

Usually people use such certificates as:

• SSL certificate with domain validation (Domain Validation)

  SSL certificates with domain verification, or as some call them, entry-level certificates, are the most common in the world, and this is not surprising, because the speed of issuing such certificates varies from 2-10 minutes, depending on the brand. To obtain such a certificate, no documents are required, the whole process is extremely simple, you need to confirm ownership of the domain, and for this there are 3 ways, one main and two alternative.
  
  Entry-level SSL certificates with domain verification is one of the fastest-issued certificate types, since do not require any documents. We recommend these certificates for small sites and small projects, when you do not need a lot of trust from customers and site visitors, project. With such a certificate are often static security logos, but there are some that offer and dynamic, for example: Thawte SSL 123, Comodo SSL Certificate
  ')
  

  1. Email Verification (DCV Email)

     This method is described on many websites and blogs, the whole point is that the certificate authority will send you a verification letter, which will contain a link to confirm your domain ownership. Such a letter can be sent either to the e-mail address indicated on the Whois of your domain, or to one of the golden five: admin @, administrator @, hostmaster @, postmaster @, webmaster @
     
     

  2. Check with DNS Record (DNS CNAME)

     Quite a popular method, for those who may not be configured mail-server, and e-mail on Whois closed private registration. The bottom line is simple, you must make a special entry in your DNS, and the certification authority will verify it. The method is fully automatic.
     
     

  3. Verify with a hash file (HTTP CSR Hash)

     An even simpler method, you will be provided with a special .txt file, which you should upload to your server, the certificate authority will make sure it is available and the certificate will be issued. The method is fully automatic.
     
     

• SSL Certificates with Company Validation (Business Validation)

  These certificates are relevant for those who are thinking about trusting their products, companies and services, as the certificate authority conducts a more thorough check of your company. You will be asked to send company documents, go through the "callback" process on a corporate phone and some other processes. However, the result of use is much higher than in the case of initial certificates, since Your website will have a dynamic logo with information about your company. People appreciate it and easier to part with the money I pay for services and products on your site.
  
  

• Extended validation

  Prestige and trust are the foundation of certificates with extended validation. Only EV certificates will provide your site with a green address bar in the browser, and this is probably the easiest way to prove to your visitors that you think about their security, encrypt data, and most importantly, you can be trusted. Most often, such certificates can be found at banks, online systems with a large number of visitors, in almost all online stores and other sites through which important information flows. Obtaining such a certificate is not easy, the process is time consuming, but the result will not take long.
  
  

• SSL with subdomain support (Wildcard)

  A very convenient certificate when it comes to protecting a large number of subdomains within one domain. It can protect any number of subdomains, on an unlimited number of servers. You no longer need to install 5-10-20 different certificates, have as many IP addresses (if you do not use SNI technology), all within the same product. Often they are also used to provide security hosting panels, such as Plesk, cPanel.
  
  

• SAN SSL certificates

  Unified communications certificates (UCC), Multi-domain certificates, SAN SSL certificates, as they are not called, but they all share one property, the ability to protect multiple domains, subdomains, local domains (.local), server (server name: ' myserver01 '), they are ideal for Microsoft Exchange products. These certificates work with both external and internal domain names.
  
  

• SGC SSL Certificates

  Today, it is already possible to forget about these certificates, although they continue to be used, because they forcibly increase the level of encryption for older browsers from 40-bit to full 256-bit. Your website or online system will be protected and will receive the highest trust from all your users. The best sites use 128/256-bit encryption.
  
  

• SSL Certificates for Software (CodeSigning SSL)

  You will need this certificate when your users receive warnings and errors when downloading software code from your resources. An ideal product for software developers (software), it is used to protect software products distributed on the network. Your users will be sure that the code downloaded on your site really belongs to you, and is not intentionally damaged or changed.
  
  

Multi-domain certificate with unlimited number of subdomains

And so, slowly, we came to a miracle certificate, which can do almost everything. This is a mixture of a certificate with support for subdomains and a multi-domain certificate, as it can protect an unlimited number of subdomains on more than 100 domains, is compatible with MS Exchange, works on all types of platforms and the issued certificate can work simultaneously on Linux and Windows servers. What the certificate cannot do is provide resources with a green address bar.

The product is not cheap, it is more suitable for those who have a lot of their sites or a lot of certificates with support for subdomains (Wildcard)

Here is what you can protect:

• * .domain.com, * .domain2.com, * .domain3.com
• yourname.com or www.yourname.com
• mail.yourname.com;
• server name, example: myserver01
• autodiscover.yourname.com;
• exchange1.yourname.local
• and much more

We will be happy to answer any of your questions, give advice and advice. Have a nice day.