EV multi-domain SSL certificates are a type of digital certificate that organizations can purchase from Certificate Authorities (CAs). Also known as Subject Alternative Name (SAN) certificates, these electronic documents help protect web users against phishing attacks. They have an average lifetime ranging from two years to 27 months; at the end of that period, the owner must renew their certificate with the issuing CA.
Enterprises that wish to obtain an EV multi-domain SSL certificate must submit to extended validation (EV) procedures. CAs use EV to provide a high degree of trust for visitors to a website operated by the certificate owner. EV certificates are especially relevant for web destinations where users commonly submit sensitive personal information or engage in some type of financial transaction.
To achieve a level of confidence commensurate with EV certificates, a domain owner must provide extra documentation including proof of domain ownership, online public directory information, articles of incorporation, and a certificate of formation to its CA. A vetting partner then looks over this data to verify the domain owner's name, legal existence, operational existence, physical existence, and other identity properties. Validation yields an up-to-date EV certificate, a digital file with 256-bit encryption which shows the name of the company or organization in the address bar as well as displays the address bar in green.
Multi-domain extended validation certificates (EV MDCs) are different than regular EV certificates, however. A single EV MDC usually allows an organization to secure at least 100 fully qualified domain names (FQDNs) and up to 250 FDQNs, including sub-domains. As explained by Nexcess.Net, LLC, organizations must submit one unique IP address per domain name, but they can do so at a relatively low cost. EV MDCs therefore give businesses an affordable way to protect multiple domain names with just one certificate
Numerous types of organizations, such as private organizations, government entities, and business entities, can purchase a multi-domain extended validation SSL certificate from a qualified CA. They can even upgrade an existing certificate to an EV certificate.
But for all their distinguishing features, EV MDCs aren't any different when it comes to certificate lifecycles. These digital files expire like any other certificate. If that happens, customers may not be able to access the domains that are impacted. Plus, organizations may not be able to use critical security tools that rely on access to encryption, such as network monitoring tools that decrypt data packets and inspect them for malicious functionality.
Companies might consider countering the threat of outages manually by creating and renewing certificates themselves. But this process can be time consuming and error prone, leaving the machine identities that EV certificates govern vulnerable to human error. Effective machine identity protection requires an enterprise platform that automates these processes, maximizing the value and efficiency of scarce Public Key infrastructure (PKI) resources, and thereby makes it possible to manage the entire lifecycle of request, renewal, and revocation for multi-domain EV certificates.
The Venafi Platform tracks the complete history for all keys and certificates. This means that organizations can use Venafi to rollback a certificate to an older version and to report upon/audit the history of one, a few, or all certificates. It also fully supports request, renewal, and revocation for all major CAs, functionality which enables organizations to identify and enforce specific CA trust chains.