An SSL (Secure Sockets Layer) certificate is a validation and encryption tool, part of the HTTPS protocol, which secures and encrypts data going back and forth between the server and the client browser. SSL is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it.

There are 3 types of SSL certificates:

1. Single-domain SSL — this certificate has only one SAN (Subject Alternative Name) field and it contains a reference to a single website.

2. Wildcard (*) SSL — when that one SAN field contains an asterisk in the website name (e.g. ‘*.hexometer.com’) then it’s a wildcard certificate. This is a variety of single-domain SSL but for an unlimited number of subdomains.

3. Multi-domain SSL — when the certificate has many SAN fields. Multi-domain certificates sometimes have more than 100 SAN fields, and some of these fields may contain wildcards, creating a hybrid “multi-domain wildcard” certificate. This type of certificate is often provided free of charge by CDN services. The main advantage of multi-domain SSL certificates is that they are mostly free of charge.

Disadvantages of multi-domain SSL certificates:

1. Larger certificate file size. The more SAN fields there are in the certificate, the larger the certificate, and size impacts the performance of your website. Because the certificate has to be downloaded to the browser before any content is loaded, you should be especially sensitive to the size of the SSL certificate you use. A multi-domain certificate with 10–15 SANs may not make much difference, but one with 100 or more is likely to have an impact on performance.

2. Sharing the certificate between different organizations. This is commonly done by CDNs (Content Delivery Networks) because it allows them to reduce their need for scarce IP addresses and provide SSL certificates for free. However, if the certificate contains information identifying the organization, that information will be wrong because it can only identify one of the organizations — and often that one organization is the CDN operator or the first organization on the list, which is the worst case.

3. Frequent updates to add or remove websites. Each time a change is made in the list of domain names, the certificate must be reissued and replaced on all the websites. These changes can be risky and result in downtime for your websites.

If you are not sure what kind of SSL certificate is installed on your website, you can easily check it at https://hexometer.com/ssl-certificate-checker
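The same check can be scripted. The Python below is an added example, not code from the article or from Hexometer: it classifies a certificate by its SAN list using the categories above, flags the 100-entry size mentioned earlier, and reports the organization name a shared certificate would show. The function names and the sample certificate are constructed for illustration, and the definitions are applied literally, so a certificate listing both a bare domain and its `www` name counts as multi-domain.

```python
import socket
import ssl

LARGE_SAN_COUNT = 100  # the article's figure for a likely performance impact

def dns_sans(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def organization(cert):
    """Subject organizationName, or None when the certificate carries none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def classify(cert):
    """Apply the article's categories to the certificate's SAN list."""
    names = dns_sans(cert)
    wildcards = [n for n in names if n.startswith("*.")]
    if not names:
        kind = "no DNS SANs"
    elif len(names) == 1:
        kind = "wildcard" if wildcards else "single-domain"
    else:
        kind = "multi-domain wildcard" if wildcards else "multi-domain"
    return {"type": kind, "san_count": len(names), "wildcards": wildcards,
            "large": len(names) >= LARGE_SAN_COUNT,
            "organization": organization(cert)}

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live, validated certificate (needs network; not used below)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: a shared CDN-style certificate with 120 SAN entries.
SHARED = {
    "subject": ((("organizationName", "Example CDN (constructed)"),),),
    "subjectAltName": (("DNS", "*.hexometer.com"),)
    + tuple(("DNS", f"site{i}.example") for i in range(119)),
}

if __name__ == "__main__":
    print(classify(SHARED))
```

To inspect a live site, pass the result of `fetch_cert("your-domain")` to `classify`.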