SlideShare a Scribd company logo

Wildcard and SAN - Understanding Multi Domain SSL Certificate

CheapSSLsecurity
CheapSSLsecurity

Know what are Wildcard and SAN SSL Certificates and how it secured multiple domains and sub domains.

Technology
1 of 11
Download to read offline
WHITEPAPER: WILDCARDANDSAN:UNDERSTANDING MULTI-USESSLCERTIFICATES Wildcard and SAN: Understanding multi-use SSL Certificates Leveraging multi-use digital certificates to simplify certificate management and reduce costs White paper
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 2 Wildcard and SAN: Understanding multi-use SSL certificates Contents About digital certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Proof of authenticity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Using SSL to move HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Secure Sockets Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Protecting servers and services with SSL certificates . . . . . . . . . . . . . . . . . . . . . . 4 Maintaining SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Types of multi-use SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Wildcard certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Subject Alternative Name (SAN) certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Making the selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 In summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Table: Wildcard vs. SAN certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 3 When you employ web-based services on the Internet, SSL certificates are the industry standard for authentication and security. Depending on how you plan to use SSL certificates, multi-use certificates can provide greater flexibility than traditional certificates. Multi-use certificates protect multiple Fully Qualified Domain Names (FQDNs) and subdomains, lowering your administrative costs and simplifying certificate installation, management and deployment. About digital certificates The best way to prove your identity on the Internet is to use a digital certificate. A digital certificate relies on a trusted third-party authority, or Certificate Authority, to verify your identity and then uses a chain of trust that begins with you and works up to the trusted authority to validate your identity. This chain of trust provides verifiable security on the internet. Digital certificates provide: Proof of authenticity Digital certificates demonstrate and validate the authenticity of the source of the web content. Integrity Digital certificates make it difficult to modify content in transit because the content is encrypted. Availability Digital certificates enable the availability of secure information exchange online. By providing a constant verification service, certificate authorities identify bad risks for certificates and mitigate those risks through a series of lists and checks. Confidentiality SSL encrypts data both in the content itself and in the transport mechanism that is used to send the data to a destination on the Internet, ensuring confidentiality. Using SSL to move HTTPS Organisations that process transactions on the Internet, or offer Internet-based services, rely on digital certificates to validate that they are who they claim to be, ensuring trust in their services. Most organisations add certificates to their Internet-facing servers to ensure accurate proof of their identity. When a customer accesses a web page that is hosted on a server with a digital certificate, their web browser automatically detects the certificate and modifies the session. The session moves from an ‘open’ session that uses Hypertext Transfer Protocol (HTTP) to a secure HTTP (HTTPS). HTTPS allows for the encryption of all the data sent between the user’s computer and the server. Secure Sockets Layer Secure Sockets Layer (SSL) provides HTTPS data encryption. SSL creates an encryption tunnel between the client and the server that protects the transfer of data from one point to the other during the communication exchange. You know you are using SSL when the web address starts with https:, and your browser displays a closed padlock in its status bar, and/or you see a green background in the address bar. Note that the green background in the address bar and the padlock are hallmarks of an Extended Validation (EV) SSL certificate. Extended Validation certificates provides the highest level of authentication available for a SSL certificate. Because EV SSL authentication standards require strict issuance and A SSL trust mark or site seal lets your customers know that a Certificate Authority has authenticated and verified your organization.
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 4 management processes established by the CA/Browser Forum, EV SSL Certificates provide an extra layer of protection for online businesses and their customers. Protecting servers and services with SSL certificates To enable SSL on an externally facing server, an organisation must purchase a certificate from a trusted Certification Authority (CA). The organisation purchases one certificate for each service that it plans to protect (e.g. email, instant messaging, mobile device management and web-based interactions). An SSL certificate contains the service’s Fully Qualified Domain Name (FQDN) and ties a service’s domain name to the server. This combination makes it possible for a browser (or another agent) to compare the domain name that the service accesses with the domain name of the certificate. Maintaining SSL certificates Certificates last for a finite period of time: typically one, two or three year periods. To avoid maintenance every year, it is recommended you purchase certificates that are valid for extended periods of time. It’s also convenient to select static service names because each time a service name changes, the certificate must change on each server that provides the service. These strategies reduce the workload associated with periodic renewal and installation of certificates on your servers. Services that use subdomain names (names that use the same root or domain name, but have a different prefix or subdomain name) have an additional maintenance overhead. Because subdomain names are embedded into SSL certificates, organisations usually buy one certificate per service. If the organisation protects numerous services with unique certificates, this can become expensive and time-consuming to manage. Types of multi-use SSL certificates Two types of multi-use SSL certificates can greatly reduce the complexity of managing SSL for services and subdomains. • A Wildcard Certificate allows you to secure multiple subdomains under a single unique FQDN. Using one wildcard certificate not only simplifies certificate management, but also lowers your administrative costs while providing immediate protection to current and future subdomains. • A single Subject Alternative Name (SAN) certificate can secure multiple FQDNs. SAN certificates provide flexibility when your website does not share the same domain name. Unlike wildcard certificates, SAN certificates have the additional benefit of being able to support deployments that require Extended Validation (EV) certificates. Wildcard certificates Wildcard certificates are regular SSL certificates that support the wildcard character “*” as a prefix to the FQDN, allowing it to secure multiple services. Wildcard certificates do not include specific service names and always contain a wildcard character that prefixes the domain name.
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 5 A wildcard certificate can be more flexible than using multiple single purpose certificates because you can apply the wildcard certificate to a number of different services. You can also add, change or replace services without needing to update the certificate or purchase new certificates. For example, suppose you want to protect servers that run an instant communication protocol like Session Initiation Protocol (SIP) and an email service. With single-use certificates, you need two certificates because you have to embed the name of each service into each certificate. As long as the domain is the same, however, you can secure both services with one wildcard certificate. So the wildcard *.symantec.com can secure both sip.symantec.com and mail.symantec.com with just one certificate. Using a wildcard character as a placeholder in the domain name embedded into the certificate makes the certificate more flexible. You can also apply it to any number of services since the wildcard character can represent any subdomain name, simplifying the certificate management process. Because wildcard certificates manage multiple subdomains and the services names they support, they can be less secure than SAN certificates. We do not recommend their use as the primary certificate solution for enterprises. When you deploy a wildcard certificate, always make sure that you implement strong logical and physical policies to protect your assets. Subject Alternative Name (SAN) certificates Subject Alternative Name (SAN) certificates enable you to include multiple FQDNs in one certificate. Unlike wildcard certificates that can support an unlimited number of prefix or subdomain names as long as the domain name remains the same, SAN certificates only support the FQDNs entered into the certificate. Depending on the issuing Certificate Authority, SAN certificates can support 100 or more different FQDNs in one certificate. A SAN certificate includes the standard Subject Name field, which supports a single primary web-based service name. The subject name is what the certificate secures, as listed in the example in the component fields. It consists of a Common Name, Organisation, Organisational Unit, Town, County and Country. It has an additional field – the Subject Alternative Name (SAN) field – for additional service names. You can install a SAN certificate on several servers, where it supports internal and external service delivery. Subject Alternative Name (SAN) certificates are also called Unified Communications Certificates (UCC) because they were primarily designed to support real-time communications infrastructures. SAN certificates, or UCCs, are useful when organisations want to use different root or domain names to run Internet-facing services.For example, an organisation that provides internal (sip.symantec.net) and external domain (sip.symantec.com) unified communications services can use a single SAN certificate to secure both FQDNs. The organisation would need two wildcard certificates because symantec.net and symantec.com are different domains. A single wildcard certificate – like *.symantec.com – can secure the following domains: www.symantec.com finance.symantec.com mail.symantec.com sip.symantec.com register.symantec.com However, it cannot secure: www.symantec.ca mail.test.symantec.com SAN example One SAN certificate can protect: yourbusiness.co.uk mybusiness.com yourbusiness.net products.yourbusiness.com support.products yourbusiness.com
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 6 Another way to use a SAN certificate is when you validate secure internal and external services. You might have both an internal and external SIP service for instant messaging: internal sip.symantec.com and external sip.symantec.net. In this situation, you must have a certificate on each server in the internal and external service to allow your users to work whether they are in the office or on the road. The same scenario applies for instant messaging infrastructures where you want to encrypt both internal and external messages. Note that servers cannot include two certificates for the same purpose. SAN certificates are also useful for application service providers (ASP) who host applications for multiple clients with each client using their own domain name. By using a SAN certificate, ASPs can use a single certificate to support multiple clients. Note that the site seal and certificate are only for the primary domain name entered in the certificate and do not include any of the other domain names. The certificate includes all of the domain names verified at the time of purchase. SAN certificates have the same issues as single-purpose certificates. When the actual service names are embedded into the certificate, your services must always use the same name otherwise you have to change the certificate. Because the certificate is a multi-use certificate, you change it on each of the servers that host the certificate-supported service. When you want to add services to provide further functionality to your users, you must update the SAN certificate with the new service names. While multi-domain certificates are useful for supporting unified communications deployments, keep these caveats in mind: • SAN certificates do not support wildcard characters. For this reason, you need to add subdomain names as unique domain name entries in the certificate at the point of purchase. Each time you want to add a new domain name or you remove an old one, you need to update and re-deploy the certificate to each host server. • When hosting websites for multiple clients, ASPs should be aware that all domain names are visible in a SAN certificate. If the ASP does not want one site to appear connected to another, use a different kind of certificate. Making the selection Multi-use certificates can secure multiple web services using a single certificate. To accomplish this, these certificates either add a subject alternate name field to the common single-use certificate or use a wildcard to replace the subdomain or prefix name in the certificate. Multi-use certificates save money and simplify management by including multiple names within the same certificate or replacing service names with a wildcard. Use SAN certificates when you need multiple domain names for each service. WILDCARD CERTIFICATES Use a wildcard certificate when you want: • a single domain name for all services • a single domain and multiple subdomains that cover all services SAN CERTIFICATES Use a SAN certificate when you want: • unique domain names for each service • the option of providing Extended Validation protection
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 7 In summary Most organisations use a least one public domain name and one private domain name to segregate their internal and external name spaces. In this case, only SAN certificates work. For organisations that only use one single public domain name the wildcard certificate may be a good option. Multi-use certificates make it much easier to deploy multiple secure services both internally and externally and have distinct advantages in lowering costs and reducing resources. This ease of deployment is particularly useful in environments that include several services such as mail, instant messaging, web, mobile device management and File Transfer Protocol. If this is the situation that applies for your organisation, then your best choice is a multi-use certificate designed to fit your needs.
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 8 Certificate feature Wildcard SAN Comment Multiple secure domain support Yes Yes Both certificate types support multiple secure domain names. Wildcard supports multiple subdomains to one domain, per certificate. SAN-enabled certificates can support multiple domain names; the limitation is the number of SANs per certificate established by the CA. UCC or SAN support Yes Both certificate types support multiple uses. Microsoft Exchange Server, Microsoft Office Communications Server and Microsoft System Center Mobile Device Manager use SAN. Number of Fully Qualified Domain Names (FQDNs) 1 Multiple Wildcard certificates only support one single domain name, but a nearly unlimited number of subdomains. SAN-enabled certificates can support multiple domains, multiple host names, etc. The limitation is the amount of SAN’s per certificate. This limitation is established by the Certification Authority. Domain name ownership 1 Multiple An organisation must own, or be authorised to use, any and all domains in the certificate’s subject. The wildcard product and SAN functionality are subject to these basic requirements. Domain name format *.name.com Multiple Wildcard certificates use a single name format (*.name. com). SAN certificates can use any FQDN. Name flexibility Yes In a Wildcard certificate, only the subdomain can change. Additionally, a subdomain must exist in place of the wildcard character; for example, https://*.symantec.com cannot secure https://symantec.com. By contrast, a certificate for https://www.symantec.com can support a SAN of https://symantec.com or https://www.symantec.org. Cost control Yes Wildcards allow for future-proofing. You don’t need to buy additional certificates later as long as you are securing subdomains under one domain. Secure private key Yes Yes Both certificate types include a secure private and public key pair. However, if you use a single wildcard certificate on multiple servers and one server is compromised, all servers become compromised. For this reason, each server hosting a wildcard certificate should have its own version of the certificate with its own private key. The same issue is possible with SAN certificates. Make sure you keep the private key secure at all times. Best PKI practice: Multiple servers sharing one key pair are prone to a single point of failure. We recommend unique key pairs in multi-server scenarios, where possible. Wildcard vs. SAN Certificates The following table provides you with an overview of the differences between the SAN and wildcard certificates.
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 9 Certificate feature Wildcard SAN Comment Simplicity of management Yes Wildcard certificates are easier to manage than SAN certificates because they support any subdomain. SAN certificates must be updated each time a new domain is added or an old domain is dropped. Note that due to the convenient nature of wildcard certificates, you have to keep careful track of the subdomains that the certificate secures. Keeping a close record of supported subdomains helps eliminate the chance that a ‘rogue’ subdomain exists. Strong physical policy or access control measures to limit who can add/change/remove host headers are also recommended to eliminate the possibility of rogue subdomains. Domain-only authentication Because the wildcard certificate supports unlimited subdomains, it is not available in domain-only format. SAN certificates are also not available in domain-only format because they include multiple domains. SHA-1 Yes Yes SHA-1 (a secure hash algorithm) is supported on both types of certificate. Organisational validated authentication Yes Yes Both types of certificate are only available in organisational validated format, which is more trustworthy than domain-only certificates. Organisational validated authentication certificates require both domain validation and organisation validation. SSL encryption Yes Yes Both certificate types support 128-bit and better encryption. Number of domains secured Unlimited prefixes Unlimited prefixes Wildcard certificates validate virtually an unlimited number of subdomains that are based on the same domain name (though for example, *.symantec.com does not secure group.test.symantec.com). SAN certificates support only the domain names entered in the certificate. The number of domains supported in a SAN certificate depends on the certificate authority. Extended validation Yes Extended Validation SSL Certificates (EV SSL) instil customer confidence by enabling web browsers to display the green address bar, one of the most trusted and recognised security indicators available. Site seal Yes Yes Wildcard site seals are assigned to the domain name. SAN site seals are assigned to the primary domain name in the certificate.
White paper: Wildcard and SAN: Understanding multi-use SSL certificates 10 Certificate feature Wildcard SAN Comment Mobile device support Yes Yes Note that some older devices, for example, Windows Mobile version 5, do not support the wildcard character. Check with your vendors to see if updates are available to support wildcard certificates. All devices support the SAN certificate. Browser compatibility 99+% 99+% All modern browsers support both types of certificates. Validity duration Multi-year Multi-year Both certificate types are available for multi-year spans. Warranty Yes Yes Certificate providers can provide warranties for both types of certificates. Shared hosting usage Yes You can only use SAN certificates for shared hosting because they support multiple domain names. Quality assurance testing usage Yes Yes Wildcard certificates can only be used in QA testing environments that use the same domain name. SAN certificates can be used in environments that use either the same domain name or multiple domain names.
Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, BindView, Enterprise Security Manager, Sygate, Veritas, Enterprise Vault, NetBackup and LiveState are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. White Paper: Wildcard and SAN: Understanding multi-use SSL certificates Learn more Symantec’s SAN and Wildcard certificates offer a cost-effective, versatile option to provide SSL-secured communications with a single SSL certificate. Our Secure Site Wildcard Certificate gives you the flexibility to protect subdomains today and in the future for one predictable price. Our SAN certificates are recognised by Microsoft for compliance with Unified Communications (UC) usage for Microsoft Exchange and Microsoft Office Communications server. Best of all, we offer multiple SSL certificate options with a single SAN certificate, including Extended Validation, Secure Gated Cryptography and Intranet SSL. More Information Visit our website http://go.symantec.com.ssl-certificates To speak with a product specialist Call 0800 56 29 24 or +41 22 54 50 288 About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organsations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Symantec Switzerland AG Andreasstrasse 15 8050 Zurich Switzerland www.symantec.ch

Recommended

REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...
REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...
REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...eraser Juan José Calderón
 
Windows Certification Full
Windows Certification FullWindows Certification Full
Windows Certification Fullgopi1985
 
Draft Ietf Oauth V2 12
Draft Ietf Oauth V2 12Draft Ietf Oauth V2 12
Draft Ietf Oauth V2 12Vishal Shah
 
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedIn
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedInDataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedIn
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedInAnna Lykke Lundholm-Andersen
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonline
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonlineObtain SAN SSL or Multi Domain SSL Process | RapidSSLonline
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonlineRapidSSLOnline.com
 
Certificate fundamental from avaya smgr perspective
Certificate fundamental from avaya smgr perspectiveCertificate fundamental from avaya smgr perspective
Certificate fundamental from avaya smgr perspectiveShashank Kapil
 

Recommended

REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...
REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...
REDACTABLE BLOCKCHAIN .How to change the immutable and the consequences of do...eraser Juan José Calderón
 
Windows Certification Full
Windows Certification FullWindows Certification Full
Windows Certification Fullgopi1985
 
Draft Ietf Oauth V2 12
Draft Ietf Oauth V2 12Draft Ietf Oauth V2 12
Draft Ietf Oauth V2 12Vishal Shah
 
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedIn
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedInDataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedIn
DataSafe-Anexploratoryprojectinonlinepersonaldataprivacy-forLinkedInAnna Lykke Lundholm-Andersen
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonline
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonlineObtain SAN SSL or Multi Domain SSL Process | RapidSSLonline
Obtain SAN SSL or Multi Domain SSL Process | RapidSSLonlineRapidSSLOnline.com
 
Certificate fundamental from avaya smgr perspective
Certificate fundamental from avaya smgr perspectiveCertificate fundamental from avaya smgr perspective
Certificate fundamental from avaya smgr perspectiveShashank Kapil
 
Esm admin guide_5.5
Esm admin guide_5.5Esm admin guide_5.5
Esm admin guide_5.5Protect724v2
 
Cassandra Security Configuration
Cassandra Security ConfigurationCassandra Security Configuration
Cassandra Security ConfigurationBraja Krishna Das
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecurityHTS Hosting
 
DocuSign SOAP API Developer Guide
DocuSign SOAP API Developer GuideDocuSign SOAP API Developer Guide
DocuSign SOAP API Developer GuideMike Borozdin
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
inSync Cloud FAQ
inSync Cloud FAQinSync Cloud FAQ
inSync Cloud FAQDruva
 
Ssl2
Ssl2Ssl2
Ssl2karthickmsit
 
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718guest75224e4
 
Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overviewwhite paper
 
Integrating SDN into the Data Center
Integrating SDN into the Data CenterIntegrating SDN into the Data Center
Integrating SDN into the Data CenterJuniper Networks
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineRapidSSLOnline.com
 
Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0Protect724v2
 
Config Guide Ip Sec
Config Guide Ip SecConfig Guide Ip Sec
Config Guide Ip SecHaris Padinharethil
 
Secure remote access in solaris 9
Secure remote access in solaris 9Secure remote access in solaris 9
Secure remote access in solaris 9Tintus Ardi
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
Mongo db security-guide
Mongo db security-guideMongo db security-guide
Mongo db security-guideDan Llimpe
 
Not all XML Gateways are Created Equal
Not all XML Gateways are Created EqualNot all XML Gateways are Created Equal
Not all XML Gateways are Created EqualCA API Management
 
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?AboutSSL
 
Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3BrainerQuintana
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxssuser865ecd
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityCheapSSLsecurity
 

More Related Content

Similar to Wildcard and SAN - Understanding Multi Domain SSL Certificate

Esm admin guide_5.5
Esm admin guide_5.5Esm admin guide_5.5
Esm admin guide_5.5Protect724v2
 
Cassandra Security Configuration
Cassandra Security ConfigurationCassandra Security Configuration
Cassandra Security ConfigurationBraja Krishna Das
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecurityHTS Hosting
 
DocuSign SOAP API Developer Guide
DocuSign SOAP API Developer GuideDocuSign SOAP API Developer Guide
DocuSign SOAP API Developer GuideMike Borozdin
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
inSync Cloud FAQ
inSync Cloud FAQinSync Cloud FAQ
inSync Cloud FAQDruva
 
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718guest75224e4
 
Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overviewwhite paper
 
Integrating SDN into the Data Center
Integrating SDN into the Data CenterIntegrating SDN into the Data Center
Integrating SDN into the Data CenterJuniper Networks
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineRapidSSLOnline.com
 
Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0Protect724v2
 
Secure remote access in solaris 9
Secure remote access in solaris 9Secure remote access in solaris 9
Secure remote access in solaris 9Tintus Ardi
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
Mongo db security-guide
Mongo db security-guideMongo db security-guide
Mongo db security-guideDan Llimpe
 
Not all XML Gateways are Created Equal
Not all XML Gateways are Created EqualNot all XML Gateways are Created Equal
Not all XML Gateways are Created EqualCA API Management
 
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?AboutSSL
 
Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3BrainerQuintana
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxssuser865ecd
 

Similar to Wildcard and SAN - Understanding Multi Domain SSL Certificate (20)

Esm admin guide_5.5
Esm admin guide_5.5Esm admin guide_5.5
Esm admin guide_5.5
 
Cassandra Security Configuration
Cassandra Security ConfigurationCassandra Security Configuration
Cassandra Security Configuration
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
 
DocuSign SOAP API Developer Guide
DocuSign SOAP API Developer GuideDocuSign SOAP API Developer Guide
DocuSign SOAP API Developer Guide
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
 
inSync Cloud FAQ
inSync Cloud FAQinSync Cloud FAQ
inSync Cloud FAQ
 
Ssl2
Ssl2Ssl2
Ssl2
 
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
Forti Gate Ssl Vpn User Guide 01 30007 0348 20080718
 
Java Security Overview
Java Security OverviewJava Security Overview
Java Security Overview
 
Integrating SDN into the Data Center
Integrating SDN into the Data CenterIntegrating SDN into the Data Center
Integrating SDN into the Data Center
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonline
 
Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0Connector Management User's Guide for ArcSight Express v4.0
Connector Management User's Guide for ArcSight Express v4.0
 
Config Guide Ip Sec
Config Guide Ip SecConfig Guide Ip Sec
Config Guide Ip Sec
 
Secure remote access in solaris 9
Secure remote access in solaris 9Secure remote access in solaris 9
Secure remote access in solaris 9
 
Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guide
 
Mongo db security-guide
Mongo db security-guideMongo db security-guide
Mongo db security-guide
 
Not all XML Gateways are Created Equal
Not all XML Gateways are Created EqualNot all XML Gateways are Created Equal
Not all XML Gateways are Created Equal
 
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
Wildcard and SAN (Multi-Domain) Certificates – What’s the Difference?
 
Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3Samsung mdf admin guide v6.3
Samsung mdf admin guide v6.3
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 

More from CheapSSLsecurity

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityCheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorCheapSSLsecurity
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideCheapSSLsecurity
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityCheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolCheapSSLsecurity
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?CheapSSLsecurity
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017CheapSSLsecurity
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018CheapSSLsecurity
 
Is your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notIs your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notCheapSSLsecurity
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafeCheapSSLsecurity
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forCheapSSLsecurity
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22CheapSSLsecurity
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingCheapSSLsecurity
 
Understanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecUnderstanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecCheapSSLsecurity
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityCheapSSLsecurity
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingCheapSSLsecurity
 
Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowCheapSSLsecurity
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityCheapSSLsecurity
 

More from CheapSSLsecurity (20)

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple Examples
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH ErrorHow to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
 
Apache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting GuideApache Server: Common SSL Errors and Troubleshooting Guide
Apache Server: Common SSL Errors and Troubleshooting Guide
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurityMulti Domain Wildcard Features explained by CheapSSLsecurity
Multi Domain Wildcard Features explained by CheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
 
What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?What is Certificate Transparency (CT)? How does it work?
What is Certificate Transparency (CT)? How does it work?
 
Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017Norton Cyber Security Insights Report 2017
Norton Cyber Security Insights Report 2017
 
The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018The Top Five Cybersecurity Threats for 2018
The Top Five Cybersecurity Threats for 2018
 
Is your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if notIs your business PCI DSS compliant? You’re digging your own grave if not
Is your business PCI DSS compliant? You’re digging your own grave if not
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You SafePhishing Scams: 8 Helpful Tips to Keep You Safe
Phishing Scams: 8 Helpful Tips to Keep You Safe
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
Quantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out forQuantum Computing vs Encryption: A Battle to Watch Out for
Quantum Computing vs Encryption: A Battle to Watch Out for
 
Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22Symantec (ISTR) Internet Security Threat Report Volume 22
Symantec (ISTR) Internet Security Threat Report Volume 22
 
Hashing vs Encryption vs Encoding
Hashing vs Encryption vs EncodingHashing vs Encryption vs Encoding
Hashing vs Encryption vs Encoding
 
Understanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by SymantecUnderstanding SSL Certificate for Apps by Symantec
Understanding SSL Certificate for Apps by Symantec
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains SecurityThawte Wildcard SSL Certificates – Enable Sub-Domains Security
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of BlacklistingShift to HTTPS and Save Your Website from the Wrath of Blacklisting
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
 
Microsoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to knowMicrosoft Exchange Server & SSL Certificates: Everything you need to know
Microsoft Exchange Server & SSL Certificates: Everything you need to know
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurityComodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Wildcard and SAN - Understanding Multi Domain SSL Certificate

  • 1. WHITEPAPER: WILDCARDANDSAN:UNDERSTANDING MULTI-USESSLCERTIFICATES Wildcard and SAN: Understanding multi-use SSL Certificates Leveraging multi-use digital certificates to simplify certificate management and reduce costs White paper
  • 2. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 2 Wildcard and SAN: Understanding multi-use SSL certificates Contents About digital certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Proof of authenticity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Using SSL to move HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Secure Sockets Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Protecting servers and services with SSL certificates . . . . . . . . . . . . . . . . . . . . . . 4 Maintaining SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Types of multi-use SSL certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Wildcard certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Subject Alternative Name (SAN) certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Making the selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 In summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Table: Wildcard vs. SAN certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
  • 3. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 3 When you employ web-based services on the Internet, SSL certificates are the industry standard for authentication and security. Depending on how you plan to use SSL certificates, multi-use certificates can provide greater flexibility than traditional certificates. Multi-use certificates protect multiple Fully Qualified Domain Names (FQDNs) and subdomains, lowering your administrative costs and simplifying certificate installation, management and deployment. About digital certificates The best way to prove your identity on the Internet is to use a digital certificate. A digital certificate relies on a trusted third-party authority, or Certificate Authority, to verify your identity and then uses a chain of trust that begins with you and works up to the trusted authority to validate your identity. This chain of trust provides verifiable security on the internet. Digital certificates provide: Proof of authenticity Digital certificates demonstrate and validate the authenticity of the source of the web content. Integrity Digital certificates make it difficult to modify content in transit because the content is encrypted. Availability Digital certificates enable the availability of secure information exchange online. By providing a constant verification service, certificate authorities identify bad risks for certificates and mitigate those risks through a series of lists and checks. Confidentiality SSL encrypts data both in the content itself and in the transport mechanism that is used to send the data to a destination on the Internet, ensuring confidentiality. Using SSL to move HTTPS Organisations that process transactions on the Internet, or offer Internet-based services, rely on digital certificates to validate that they are who they claim to be, ensuring trust in their services. Most organisations add certificates to their Internet-facing servers to ensure accurate proof of their identity. When a customer accesses a web page that is hosted on a server with a digital certificate, their web browser automatically detects the certificate and modifies the session. The session moves from an ‘open’ session that uses Hypertext Transfer Protocol (HTTP) to a secure HTTP (HTTPS). HTTPS allows for the encryption of all the data sent between the user’s computer and the server. Secure Sockets Layer Secure Sockets Layer (SSL) provides HTTPS data encryption. SSL creates an encryption tunnel between the client and the server that protects the transfer of data from one point to the other during the communication exchange. You know you are using SSL when the web address starts with https:, and your browser displays a closed padlock in its status bar, and/or you see a green background in the address bar. Note that the green background in the address bar and the padlock are hallmarks of an Extended Validation (EV) SSL certificate. Extended Validation certificates provides the highest level of authentication available for a SSL certificate. Because EV SSL authentication standards require strict issuance and A SSL trust mark or site seal lets your customers know that a Certificate Authority has authenticated and verified your organization.
  • 4. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 4 management processes established by the CA/Browser Forum, EV SSL Certificates provide an extra layer of protection for online businesses and their customers. Protecting servers and services with SSL certificates To enable SSL on an externally facing server, an organisation must purchase a certificate from a trusted Certification Authority (CA). The organisation purchases one certificate for each service that it plans to protect (e.g. email, instant messaging, mobile device management and web-based interactions). An SSL certificate contains the service’s Fully Qualified Domain Name (FQDN) and ties a service’s domain name to the server. This combination makes it possible for a browser (or another agent) to compare the domain name that the service accesses with the domain name of the certificate. Maintaining SSL certificates Certificates last for a finite period of time: typically one, two or three year periods. To avoid maintenance every year, it is recommended you purchase certificates that are valid for extended periods of time. It’s also convenient to select static service names because each time a service name changes, the certificate must change on each server that provides the service. These strategies reduce the workload associated with periodic renewal and installation of certificates on your servers. Services that use subdomain names (names that use the same root or domain name, but have a different prefix or subdomain name) have an additional maintenance overhead. Because subdomain names are embedded into SSL certificates, organisations usually buy one certificate per service. If the organisation protects numerous services with unique certificates, this can become expensive and time-consuming to manage. Types of multi-use SSL certificates Two types of multi-use SSL certificates can greatly reduce the complexity of managing SSL for services and subdomains. • A Wildcard Certificate allows you to secure multiple subdomains under a single unique FQDN. Using one wildcard certificate not only simplifies certificate management, but also lowers your administrative costs while providing immediate protection to current and future subdomains. • A single Subject Alternative Name (SAN) certificate can secure multiple FQDNs. SAN certificates provide flexibility when your website does not share the same domain name. Unlike wildcard certificates, SAN certificates have the additional benefit of being able to support deployments that require Extended Validation (EV) certificates. Wildcard certificates Wildcard certificates are regular SSL certificates that support the wildcard character “*” as a prefix to the FQDN, allowing it to secure multiple services. Wildcard certificates do not include specific service names and always contain a wildcard character that prefixes the domain name.
  • 5. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 5 A wildcard certificate can be more flexible than using multiple single purpose certificates because you can apply the wildcard certificate to a number of different services. You can also add, change or replace services without needing to update the certificate or purchase new certificates. For example, suppose you want to protect servers that run an instant communication protocol like Session Initiation Protocol (SIP) and an email service. With single-use certificates, you need two certificates because you have to embed the name of each service into each certificate. As long as the domain is the same, however, you can secure both services with one wildcard certificate. So the wildcard *.symantec.com can secure both sip.symantec.com and mail.symantec.com with just one certificate. Using a wildcard character as a placeholder in the domain name embedded into the certificate makes the certificate more flexible. You can also apply it to any number of services since the wildcard character can represent any subdomain name, simplifying the certificate management process. Because wildcard certificates manage multiple subdomains and the services names they support, they can be less secure than SAN certificates. We do not recommend their use as the primary certificate solution for enterprises. When you deploy a wildcard certificate, always make sure that you implement strong logical and physical policies to protect your assets. Subject Alternative Name (SAN) certificates Subject Alternative Name (SAN) certificates enable you to include multiple FQDNs in one certificate. Unlike wildcard certificates that can support an unlimited number of prefix or subdomain names as long as the domain name remains the same, SAN certificates only support the FQDNs entered into the certificate. Depending on the issuing Certificate Authority, SAN certificates can support 100 or more different FQDNs in one certificate. A SAN certificate includes the standard Subject Name field, which supports a single primary web-based service name. The subject name is what the certificate secures, as listed in the example in the component fields. It consists of a Common Name, Organisation, Organisational Unit, Town, County and Country. It has an additional field – the Subject Alternative Name (SAN) field – for additional service names. You can install a SAN certificate on several servers, where it supports internal and external service delivery. Subject Alternative Name (SAN) certificates are also called Unified Communications Certificates (UCC) because they were primarily designed to support real-time communications infrastructures. SAN certificates, or UCCs, are useful when organisations want to use different root or domain names to run Internet-facing services.For example, an organisation that provides internal (sip.symantec.net) and external domain (sip.symantec.com) unified communications services can use a single SAN certificate to secure both FQDNs. The organisation would need two wildcard certificates because symantec.net and symantec.com are different domains. A single wildcard certificate – like *.symantec.com – can secure the following domains: www.symantec.com finance.symantec.com mail.symantec.com sip.symantec.com register.symantec.com However, it cannot secure: www.symantec.ca mail.test.symantec.com SAN example One SAN certificate can protect: yourbusiness.co.uk mybusiness.com yourbusiness.net products.yourbusiness.com support.products yourbusiness.com
  • 6. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 6 Another way to use a SAN certificate is when you validate secure internal and external services. You might have both an internal and external SIP service for instant messaging: internal sip.symantec.com and external sip.symantec.net. In this situation, you must have a certificate on each server in the internal and external service to allow your users to work whether they are in the office or on the road. The same scenario applies for instant messaging infrastructures where you want to encrypt both internal and external messages. Note that servers cannot include two certificates for the same purpose. SAN certificates are also useful for application service providers (ASP) who host applications for multiple clients with each client using their own domain name. By using a SAN certificate, ASPs can use a single certificate to support multiple clients. Note that the site seal and certificate are only for the primary domain name entered in the certificate and do not include any of the other domain names. The certificate includes all of the domain names verified at the time of purchase. SAN certificates have the same issues as single-purpose certificates. When the actual service names are embedded into the certificate, your services must always use the same name otherwise you have to change the certificate. Because the certificate is a multi-use certificate, you change it on each of the servers that host the certificate-supported service. When you want to add services to provide further functionality to your users, you must update the SAN certificate with the new service names. While multi-domain certificates are useful for supporting unified communications deployments, keep these caveats in mind: • SAN certificates do not support wildcard characters. For this reason, you need to add subdomain names as unique domain name entries in the certificate at the point of purchase. Each time you want to add a new domain name or you remove an old one, you need to update and re-deploy the certificate to each host server. • When hosting websites for multiple clients, ASPs should be aware that all domain names are visible in a SAN certificate. If the ASP does not want one site to appear connected to another, use a different kind of certificate. Making the selection Multi-use certificates can secure multiple web services using a single certificate. To accomplish this, these certificates either add a subject alternate name field to the common single-use certificate or use a wildcard to replace the subdomain or prefix name in the certificate. Multi-use certificates save money and simplify management by including multiple names within the same certificate or replacing service names with a wildcard. Use SAN certificates when you need multiple domain names for each service. WILDCARD CERTIFICATES Use a wildcard certificate when you want: • a single domain name for all services • a single domain and multiple subdomains that cover all services SAN CERTIFICATES Use a SAN certificate when you want: • unique domain names for each service • the option of providing Extended Validation protection
  • 7. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 7 In summary Most organisations use a least one public domain name and one private domain name to segregate their internal and external name spaces. In this case, only SAN certificates work. For organisations that only use one single public domain name the wildcard certificate may be a good option. Multi-use certificates make it much easier to deploy multiple secure services both internally and externally and have distinct advantages in lowering costs and reducing resources. This ease of deployment is particularly useful in environments that include several services such as mail, instant messaging, web, mobile device management and File Transfer Protocol. If this is the situation that applies for your organisation, then your best choice is a multi-use certificate designed to fit your needs.
  • 8. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 8 Certificate feature Wildcard SAN Comment Multiple secure domain support Yes Yes Both certificate types support multiple secure domain names. Wildcard supports multiple subdomains to one domain, per certificate. SAN-enabled certificates can support multiple domain names; the limitation is the number of SANs per certificate established by the CA. UCC or SAN support Yes Both certificate types support multiple uses. Microsoft Exchange Server, Microsoft Office Communications Server and Microsoft System Center Mobile Device Manager use SAN. Number of Fully Qualified Domain Names (FQDNs) 1 Multiple Wildcard certificates only support one single domain name, but a nearly unlimited number of subdomains. SAN-enabled certificates can support multiple domains, multiple host names, etc. The limitation is the amount of SAN’s per certificate. This limitation is established by the Certification Authority. Domain name ownership 1 Multiple An organisation must own, or be authorised to use, any and all domains in the certificate’s subject. The wildcard product and SAN functionality are subject to these basic requirements. Domain name format *.name.com Multiple Wildcard certificates use a single name format (*.name. com). SAN certificates can use any FQDN. Name flexibility Yes In a Wildcard certificate, only the subdomain can change. Additionally, a subdomain must exist in place of the wildcard character; for example, https://*.symantec.com cannot secure https://symantec.com. By contrast, a certificate for https://www.symantec.com can support a SAN of https://symantec.com or https://www.symantec.org. Cost control Yes Wildcards allow for future-proofing. You don’t need to buy additional certificates later as long as you are securing subdomains under one domain. Secure private key Yes Yes Both certificate types include a secure private and public key pair. However, if you use a single wildcard certificate on multiple servers and one server is compromised, all servers become compromised. For this reason, each server hosting a wildcard certificate should have its own version of the certificate with its own private key. The same issue is possible with SAN certificates. Make sure you keep the private key secure at all times. Best PKI practice: Multiple servers sharing one key pair are prone to a single point of failure. We recommend unique key pairs in multi-server scenarios, where possible. Wildcard vs. SAN Certificates The following table provides you with an overview of the differences between the SAN and wildcard certificates.
  • 9. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 9 Certificate feature Wildcard SAN Comment Simplicity of management Yes Wildcard certificates are easier to manage than SAN certificates because they support any subdomain. SAN certificates must be updated each time a new domain is added or an old domain is dropped. Note that due to the convenient nature of wildcard certificates, you have to keep careful track of the subdomains that the certificate secures. Keeping a close record of supported subdomains helps eliminate the chance that a ‘rogue’ subdomain exists. Strong physical policy or access control measures to limit who can add/change/remove host headers are also recommended to eliminate the possibility of rogue subdomains. Domain-only authentication Because the wildcard certificate supports unlimited subdomains, it is not available in domain-only format. SAN certificates are also not available in domain-only format because they include multiple domains. SHA-1 Yes Yes SHA-1 (a secure hash algorithm) is supported on both types of certificate. Organisational validated authentication Yes Yes Both types of certificate are only available in organisational validated format, which is more trustworthy than domain-only certificates. Organisational validated authentication certificates require both domain validation and organisation validation. SSL encryption Yes Yes Both certificate types support 128-bit and better encryption. Number of domains secured Unlimited prefixes Unlimited prefixes Wildcard certificates validate virtually an unlimited number of subdomains that are based on the same domain name (though for example, *.symantec.com does not secure group.test.symantec.com). SAN certificates support only the domain names entered in the certificate. The number of domains supported in a SAN certificate depends on the certificate authority. Extended validation Yes Extended Validation SSL Certificates (EV SSL) instil customer confidence by enabling web browsers to display the green address bar, one of the most trusted and recognised security indicators available. Site seal Yes Yes Wildcard site seals are assigned to the domain name. SAN site seals are assigned to the primary domain name in the certificate.
  • 10. White paper: Wildcard and SAN: Understanding multi-use SSL certificates 10 Certificate feature Wildcard SAN Comment Mobile device support Yes Yes Note that some older devices, for example, Windows Mobile version 5, do not support the wildcard character. Check with your vendors to see if updates are available to support wildcard certificates. All devices support the SAN certificate. Browser compatibility 99+% 99+% All modern browsers support both types of certificates. Validity duration Multi-year Multi-year Both certificate types are available for multi-year spans. Warranty Yes Yes Certificate providers can provide warranties for both types of certificates. Shared hosting usage Yes You can only use SAN certificates for shared hosting because they support multiple domain names. Quality assurance testing usage Yes Yes Wildcard certificates can only be used in QA testing environments that use the same domain name. SAN certificates can be used in environments that use either the same domain name or multiple domain names.
  • 11. Copyright © 2012 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, BindView, Enterprise Security Manager, Sygate, Veritas, Enterprise Vault, NetBackup and LiveState are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. White Paper: Wildcard and SAN: Understanding multi-use SSL certificates Learn more Symantec’s SAN and Wildcard certificates offer a cost-effective, versatile option to provide SSL-secured communications with a single SSL certificate. Our Secure Site Wildcard Certificate gives you the flexibility to protect subdomains today and in the future for one predictable price. Our SAN certificates are recognised by Microsoft for compliance with Unified Communications (UC) usage for Microsoft Exchange and Microsoft Office Communications server. Best of all, we offer multiple SSL certificate options with a single SAN certificate, including Extended Validation, Secure Gated Cryptography and Intranet SSL. More Information Visit our website http://go.symantec.com.ssl-certificates To speak with a product specialist Call 0800 56 29 24 or +41 22 54 50 288 About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organsations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Symantec Switzerland AG Andreasstrasse 15 8050 Zurich Switzerland www.symantec.ch