Home / server / Questions / 313067
Accepted
Jordan Reiter
Asked: 2011-09-20 08:37:07 +0800 CST

Drawbacks/Disadvantages UCC/UC Multiple Domain SSL Certificates?

  • 772

I am thinking about transitioning a number of websites over to using a UC or Multiple Domain SSL certificate.

I guess I'm just wondering what the drawbacks are. So far the only ones I can find are that:

  • they're not ideal if you don't want different domains identified with each other.
  • because you have only one certificate instead of several, if one certificate gets compromised then it's a greater security risk
  • there are some concerns about compatibility with older browsers, as well as some mobile browsers

We don't deal heavily with private information, just info like e-mail, name, organization, etc. We do collect credit card payments but the volume is very small. These certificates would be used mostly for logins.

ssl domain ssl-certificate ucc

2 Answers

  1. Best Answer

    Adding to what you've got up there:

    • Cost.
    • Need to re-request and re-issue the certificate when you add or remove a domain.

    I wouldn't give much weight to the security concern of key compromise; if your web server is breached and is hosting all of those sites, private keys for separate certificates will all be just as accessible to an attacker as a single alternate-name certificate's key would be.

    • 2

  2. Performance and updates must be considered;

    Multi-domain SSL certificates are popular and they don’t expose the security risk of wildcard certificates that I described above, but they have some issues of their own. First, the more SAN fields you add to a certificate, the larger the certificate, and size impacts the performance of your website. Because the certificate has to be downloaded to the browser before any content is loaded, you should be especially sensitive to the size of the SSL certificate you use. A multi-domain certificate with 5 or 10 SANs may not make much difference, but one with 50 or 100 is likely to have a big impact on performance.

    Multi-domain certificates are often updated to add or remove websites. Each time a change is made, the certificate must be reissued and replaced on all the websites it protects. These changes can be risky and result in downtime for your websites.

    https://casecurity.org/2014/02/26/pros-and-cons-of-single-domain-multi-domain-and-wildcard-certificates/

    • 0