Skip to main content
banner image
venafi logo

What Are EV Multi-Domain SSL Certificates?

What Are EV Multi-Domain SSL Certificates?

SANS certificates
March 29, 2018 | David Bisson

EV multi-domain SSL certificates are a type of digital certificate that organizations can purchase from Certificate Authorities (CAs). Also known as Subject Alternative Name (SAN) certificates, these electronic documents help protect web users against phishing attacks. They have an average lifetime ranging from two years to 27 months; at the end of that period, the owner must renew their certificate with the issuing CA.

Enterprises that wish to obtain an EV multi-domain SSL certificate must submit to extended validation (EV) procedures. CAs use EV to provide a high degree of trust for visitors to a website operated by the certificate owner. EV certificates are especially relevant for web destinations where users commonly submit sensitive personal information or engage in some type of financial transaction.

To achieve a level of confidence commensurate with EV certificates, a domain owner must provide extra documentation including proof of domain ownership, online public directory information, articles of incorporation, and a certificate of formation to its CA. A vetting partner then looks over this data to verify the domain owner's name, legal existence, operational existence, physical existence, and other identity properties. Validation yields an up-to-date EV certificate, a digital file with 256-bit encryption which shows the name of the company or organization in the address bar as well as displays the address bar in green.

Multi-domain extended validation certificates (EV MDCs) are different than regular EV certificates, however. A single EV MDC usually allows an organization to secure at least 100 fully qualified domain names (FQDNs) and up to 250 FDQNs, including sub-domains. As explained by Nexcess.Net, LLC, organizations must submit one unique IP address per domain name, but they can do so at a relatively low cost. EV MDCs therefore give businesses an affordable way to protect multiple domain names with just one certificate

Numerous types of organizations, such as private organizations, government entities, and business entities, can purchase a multi-domain extended validation SSL certificate from a qualified CA. They can even upgrade an existing certificate to an EV certificate.

But for all their distinguishing features, EV MDCs aren't any different when it comes to certificate lifecycles. These digital files expire like any other certificate. If that happens, customers may not be able to access the domains that are impacted. Plus, organizations may not be able to use critical security tools that rely on access to encryption, such as network monitoring tools that decrypt data packets and inspect them for malicious functionality.

Companies might consider countering the threat of outages manually by creating and renewing certificates themselves. But this process can be time consuming and error prone, leaving the machine identities that EV certificates govern vulnerable to human error. Effective machine identity management requires an enterprise platform that automates these processes, maximizing the value and efficiency of scarce Public Key infrastructure (PKI) resources, and thereby makes it possible to manage the entire lifecycle of request, renewal, and revocation for multi-domain EV certificates.

The Venafi Platform tracks the complete history for all keys and certificates. This means that organizations can use Venafi to rollback a certificate to an older version and to report upon/audit the history of one, a few, or all certificates. It also fully supports request, renewal, and revocation for all major CAs, functionality which enables organizations to identify and enforce specific CA trust chains.

Protect your EV MDCs and other encryption certificates across their entire lifecycle.

Related posts

Like this blog? We think you will love this.
wildcard certificates
Featured Blog

Wildcard Certificates Make Encryption Easier, But Less Secure

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more