What are UCC SSL Certificates? This type of certificate is an SSL or TLS digital certificate also known as a multi domain certificate, meaning it can protect more than just one name and is not a wildcard. Another name is a SAN certificate, or Subject Alternative Name certificate. A UCC SSL Certificate may contain wildcards, but the key is that it can contain more than one wildcard to protect multiple subdomains.
UCC certificates can be DV (Domain Validated) or OV (Organization Validated). Note that for DV, each name on the certificate must be validated and not just the primary name.
Depending on the issuing CA (Certification Authority), the UCC certificate can contain a different number of names but at minimum most CAs will support 100 names.
UCC SSL Certificate Pricing
Each CA will have it’s own pricing structure. It really comes down to the math as a wildcard may end up being more affordable than a SAN certificate that contains 100 names. Remember, security over pricing. Just because a wildcard could end up being cheaper, it may not be as secure. We recommend being as explicit as possible for what the certificate is protecting and/or identifying.
UCC SSL Certificate Examples
A UCC certificate may contain the following names as a simple example. This is a good example for grouping servers that may be serving the same purpose, but need secured separately.
- DNS Name=test1.example.com
- DNS Name=test2.example.com
- DNS Name=test3.example.com
Another example may be multiple wildcards being protected, but still explicit so that every dns name in the domain is not covered.
- DNS Name=*.test.example.com
- DNS Name=*.dev.example.com
Again, your use case may vary but it is always a good idea to logically request your certificates. A certificate with every random name in your domain will likely become out of date quick and will make it harder to keep track of services that may be affected by an expiring cert.
Conclusion
This article has explained what UCC SSL Certificates are and their usage. If you have any questions please let us know in the comments.
Leave a Reply