
Multiple domain option (UCC/SAN)

Posted: Sun Feb 02, 2025 7:16 am
by subornaakter20
Its full name is Unified Communications Certificate (UCC) or Subject Alternative Names (SAN), and it can cover a whole (though still limited) list of domains. The user can specify several domains and subdomains, and their number affects the cost of the certificate.

As a rule, the initial price assumes the use of three to five names, and adding further ones (there is an upper limit on the number) costs extra. It is best to use such a certificate with related sites: when checking the certificate, the visitor will then be shown the name of the main domain and the existing additional ones.

Option with unlimited number of subdomains (wildcard).

This type of HTTPS certificate covers, in addition to the main domain, almost any number of subdomains (*.example.com). These can be example.com, mail.example.com, ftp.example.com and many others, which, however, must all be subdomains of the main domain.

Certificates may differ in configuration.
Four components of the HTTPS protocol rely on cryptography:

1. Key exchange at the initial stage of establishing a connection. Secret and public keys, the so-called asymmetric algorithms, are used.

2. The HTTPS certificate generated by a certification authority. Algorithms using secret and public keys are used.

3. Encryption of the messages being transmitted. The previously shared secret is used as the key (so-called symmetric algorithms).

4. Digest of the transmitted information. Cryptographic hashing algorithms are used.

The size of the keys in each of the listed points is different, and there are algorithms that are no longer recommended for use. At the initial stage (the so-called handshake), the user and the server have to choose which combination of methods to use, starting with key exchange (there are about ten different public key algorithms, and one of them is selected).

In addition, a cipher is selected (again from about ten symmetric key algorithms) plus another algorithm for the digest of the transmitted data (there are three of them, two of which are not recommended for use). As a result, hundreds of configurations can be formed.

Example: a combination such as ECDHE-RSA-AES256-GCM-SHA384 is formed. Here the ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) algorithm will be used for key exchange. The RSA (Rivest-Shamir-Adleman) algorithm was used to sign the certificate. The AES (Advanced Encryption Standard) cipher will be used for symmetric encryption, in GCM mode with a 256-bit key.

To preserve the integrity of messages, the SHA secure hashing algorithm and 384-bit digests will be used. It should be noted that the full list of possible algorithm configurations is freely available.

Thus, the user and the server choose the combinations to use.
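
The name format from the example above, taken apart in code. This is an added example, not part of the original post: the function names `parse_suite` and `findings`, the lists of weak components and the sample suite list are assumptions made for illustration. It goes beyond the single suite in the text to cover OpenSSL-style names that omit the key-exchange field or the digest suffix.

```python
# Added example (not from the original post): decompose OpenSSL-style
# TLS 1.2 cipher suite names and flag parts that are no longer recommended.
KEX_PREFIXES = {"ECDHE", "DHE", "ECDH", "DH"}      # key exchange named explicitly
DIGESTS = {"SHA384", "SHA256", "SHA", "MD5"}       # "SHA" means SHA-1 here
WEAK_DIGESTS = {"SHA", "MD5"}
WEAK_CIPHER_MARKS = ("RC4", "DES", "NULL", "EXP")  # "DES" also matches DES-CBC3 (3DES)
AEAD_MARKS = ("GCM", "CCM", "POLY1305")


def parse_suite(name):
    """Return key exchange, authentication, cipher and digest of one suite name."""
    if "_" in name or not name:
        raise ValueError("not an OpenSSL-style TLS 1.2 name: %r" % name)
    tokens = name.split("-")
    if tokens[0] in KEX_PREFIXES and len(tokens) > 2:
        kex, auth, tokens = tokens[0], tokens[1], tokens[2:]
    else:
        # Names like AES128-SHA omit both fields: static RSA is implied.
        kex = auth = "RSA"
    # ChaCha20-Poly1305 names carry no digest suffix.
    digest = tokens.pop() if tokens[-1] in DIGESTS else None
    return {"kex": kex, "auth": auth, "cipher": "-".join(tokens), "digest": digest,
            "aead": any(t.startswith(AEAD_MARKS) for t in tokens)}


def findings(name):
    """List the reasons a suite should not be offered; empty list means none found."""
    s = parse_suite(name)
    out = []
    if s["kex"] not in ("ECDHE", "DHE"):
        out.append("no forward secrecy (key exchange %s)" % s["kex"])
    if any(mark in s["cipher"] for mark in WEAK_CIPHER_MARKS):
        out.append("weak cipher: " + s["cipher"])
    # In AEAD suites the digest only feeds the handshake PRF, so judge it
    # as a message digest only for non-AEAD (CBC/stream) suites.
    if s["digest"] in WEAK_DIGESTS and not s["aead"]:
        out.append("digest not recommended: " + s["digest"])
    return out


if __name__ == "__main__":
    # Constructed sample list, e.g. what a server might be configured to offer.
    for suite in ("ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305",
                  "DHE-RSA-AES128-SHA", "AES128-SHA", "DES-CBC3-SHA", "RC4-MD5"):
        print("%-32s %s" % (suite, "; ".join(findings(suite)) or "ok"))
```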