Secure Sockets Layer (also known as SSL) is the known industry standard used by millions of websites to protect online transactions with their customers. SSL is used to make an encrypted link between a web server and a browser. This encrypted link guarantees that all data transferred between both ends remain private and intact.
To establish a secure connection, a web server needs an SSL Certificate. To activate SSL on your web server, you will need to choose the correct SSL type as per your requirement. This guide will explain the core differences between SSL types.
Single-name SSL certificates protect a single sub-domain (hostname). For example, if you purchase a certificate for www.abcdomain.com, it will not secure my.abcdomain.com.
On sole discretion of the certificate authority, if you purchase a single-name certificate for the www hostname (www.mydomain.com), the certificate may also include the root domain (mydomain.com).
Multiple SSL SAN
A SAN (Subject Alternative Name) certificate allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for mydomain.com, and then add more SAN values to have the same certificate protect mydomain.org, mydomain.net and even mydomain.com.
In most cases, the SAN values can be changed at any time during the life of the certificate – you’d just need to change the value, and then do a re-issue.
A Wildcard SSL certificate allows you to secure multiple sub-domains with just one certificate. In many cases, the wildcard certificate makes more sense than a SAN (Subject Alternative Name) because it allows for unlimited sub-domains and you don’t need to define them at the time of purchase.
You can add sub-domains without having to redeploy the certificate. For example, you could use a wildcard certificate for the domain name mydomain.com and that certificate would also work for my.mydomain.com, my1.mydomain.com, and any other sub-domain. The wildcard refers to the fact that the certificate is provisioned for *.mydomain.com so that certificate would just work, no reissue required.