How many domains can be bound with one SSL certificate?

Question

Let say I have an ASP.NEt application which is bound with more than 10 domains using host headers. Is one certificate is enough for me? or I need more than 1 certificate for each domain? If I need 1 certificate, then adding a new domain means reinstall the certificate?

score 13 · Accepted Answer · answered May 22 '12 at 07:02

13

There are multiple certificate types.

You can have a wildcard cert *.domain.com which is valid for all subdomains.
You can have a single-name cert host.domain.com which is only valid for this host
You can have a multi-name cert host1.domain1.com, host2.domain2.com, this is called a SAN (Subject Alternative Name) Certficiate. They are often called "UC-Certificate" by cert vendors.

I'm not sure where the technical limit is on a SAN cert, but it's certainly more than 10 names.

answered May 22 '12 at 07:02

MichelZ

11,068
4
32
59

Just see the below comment. – Imran Qadir Baksh - Baloch May 22 '12 at 07:05
On many cert vendors, you can add and remove SAN entries anytime, and re-issue the cert. This is however vendor specific. – MichelZ May 22 '12 at 07:08
Is I need to reinstall the certificate? I mean I need to configure my server every time when I add a new domain. – Imran Qadir Baksh - Baloch May 22 '12 at 07:09
Yes, with a SAN Certificate you have to. The only time where you don't have to would be a wildcard cert. Or maybe the SAN cert allows to use Wildcard, to cover multiple domains, not sure (i.e. `*.domain1.com` & `*.domain2.com` – MichelZ May 22 '12 at 07:11

score 7 · Answer 2 · answered May 22 '12 at 07:02

7

If they are truely unique domain names, you can get a SAN (Subject Alternative Name) certificate. Most vendors will let you put about 40 domain names on one cert. If they are sub-domains, a wildcard cert is the way to go. For each of tjose options you only need 1 ip as the cert is valid for all listed domain names.

answered May 22 '12 at 07:02

Zypher

37,405
5
53
95

What if I needed to add a new domain in SAN? Is I need to reinstall this domain to server? Whether domain be added dynamically? – Imran Qadir Baksh - Baloch May 22 '12 at 07:05
You will need to have the issuer re-issue the cert with the new name in addition to the ones already set up. Most vendors allow you to do this via a web portal. Then you'll need to re-install the cert – Zypher May 22 '12 at 07:08
Is I need to configure the server when I add a new domain in SAN certificate? – Imran Qadir Baksh - Baloch May 22 '12 at 07:10

score 0 · Answer 3 · answered Aug 06 '15 at 21:26

0

Typical limit by most issuers are 100 SANs (inclusive). Wildcard is naturally unlimited.

answered Aug 06 '15 at 21:26

mvorisek

515
1
9
19

How many domains can be bound with one SSL certificate?

3 Answers3