2

I am thinking about transitioning a number of websites over to using a UC or Multiple Domain SSL certificate.

I guess I'm just wondering what the drawbacks are. So far the only ones I can find are that:

  • they're not ideal if you don't want different domains identified with each other.
  • because you have only one certificate instead of several, if one certificate gets compromised then it's a greater security risk
  • there are some concerns about compatibility with older browsers, as well as some mobile browsers

We don't deal heavily with private information, just info like e-mail, name, organization, etc. We do collect credit card payments but the volume is very small. These certificates would be used mostly for logins.

Jordan Reiter

2 Answers

2

Adding to what you've got up there:

  • Cost.
  • Need to re-request and re-issue the certificate when you add or remove a domain.

I wouldn't give much weight to the security concern of key compromise; if your web server is breached and is hosting all of those sites, private keys for separate certificates will all be just as accessible to an attacker as a single alternate-name certificate's key would be.

Shane Madden
  • Actually, for my purposes cost is one of the reasons we're considering it. GoDaddy at least charges just $165 for up to 10 domains, making it a far cheaper option (for us at least) than individual or wildcard SSL certificates. However, needing to reissue the certificate every time a domain is added or removed is a real concern. We probably won't be removing domains but I can see adding them (particularly subdomains) so maybe a wildcard SSL might serve our purposes better. – Jordan Reiter Sep 19 '11 at 16:56
  • I went ahead and got the certificate. It works great! – Jordan Reiter Oct 22 '11 at 22:07
0

Performance and updates must be considered:

Multi-domain SSL certificates are popular and they don’t expose the security risk of wildcard certificates that I described above, but they have some issues of their own. First, the more SAN fields you add to a certificate, the larger the certificate, and size impacts the performance of your website. Because the certificate has to be downloaded to the browser before any content is loaded, you should be especially sensitive to the size of the SSL certificate you use. A multi-domain certificate with 5 or 10 SANs may not make much difference, but one with 50 or 100 is likely to have a big impact on performance.

Multi-domain certificates are often updated to add or remove websites. Each time a change is made, the certificate must be reissued and replaced on all the websites it protects. These changes can be risky and result in downtime for your websites.

https://casecurity.org/2014/02/26/pros-and-cons-of-single-domain-multi-domain-and-wildcard-certificates/
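
The size effect described in the answer above, as an added example that is not part of the original post or the linked article: it DER-encodes only the subjectAltName extension (the rest of the certificate is not modelled) for the SAN counts the answer mentions, and reads the names back out of the encoding. The `site###.example.com` host names and all function names are constructed for illustration, and the extension is assumed to be non-critical.

```python
# Added example (not from the page): byte cost of the subjectAltName
# extension as DNS names are added. Host names are constructed placeholders.
SAN_OID = bytes([0x06, 0x03, 0x55, 0x1D, 0x11])  # OID 2.5.29.17


def der_len(n):
    """DER definite-length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def san_extension(names):
    """Non-critical Extension carrying GeneralNames made of dNSName entries."""
    general = b"".join(tlv(0x82, n.encode("ascii")) for n in names)  # [2] dNSName
    return tlv(0x30, SAN_OID + tlv(0x04, tlv(0x30, general)))


def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def dns_names(ext):
    """List the DNS names in an encoded extension (what a reissue must keep)."""
    _, body, _ = read_tlv(ext, 0)        # Extension SEQUENCE
    _, _, p = read_tlv(body, 0)          # extnID
    _, value, _ = read_tlv(body, p)      # extnValue OCTET STRING
    _, general, _ = read_tlv(value, 0)   # GeneralNames SEQUENCE
    names, p = [], 0
    while p < len(general):
        tag, content, p = read_tlv(general, p)
        if tag == 0x82:
            names.append(content.decode("ascii"))
    return names


def size_for(count):
    """Extension size in bytes for `count` constructed 19-character names."""
    return len(san_extension(["site%03d.example.com" % i for i in range(count)]))
```

Each additional name costs its own length plus two bytes of tag and length, so the extension grows linearly with the number of sites the certificate covers.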