SSL certificates are issued to domains and subdomains after domain validation. But can the same certificate be used for domains and their subdomains?
What are Domains and Sub-Domains?
Domains or domain names or FQDNs are the publicly assigned address for your website. For example, getssl.in is the domain/address for this website.
A sub-domain is an address for a mini/sub- website under a domain name. For example, tools.getssl.in could be the subdomain/address of a mini website with online tools from getssl.in
In the same manner the subdomain www is also a mini site under a domain. However, in most web hosting configurations it usually points to the main website pointed to by the domain name. For example, www.getssl.in and getssl.in both point to the same website.
Why are SSL Certificates issued only to Domains or Subdomains? Or, Why are SSL certificates not issued to IP addresses?
SSL certificates are trust-based products and are issued for the purpose of securing data communication between websites/email servers and client apps such as web browsers, and mobile apps.
Websites and servers are addressed by IP addresses or domains/subdomains. To issue a SSL certificate for clients apps to trust a website or server, the Certifying Authority (CA) needs to verify ownership of the website or server.
Since dynamic IP addresses change randomly, SSL certificates cannot be issued to a specific IP address as its ownership will change very often. Hence, SSL certificates are not issued to IP addresses.
However, domain names are registered to specific individuals or companies and in that case domain ownership can be validated using Domain Control Validation methods. Hence, the SSL certificates can only be issued to the websites/servers which can be addressed by either domains or subdomains and validated by domain owners.
How are SSL Certificates issued to Domains/Subdomains after Domain Validation?
When a SSL certificate is issued to a domain it is also valid for it’s www subdomain. Hence, a certificate issued to getssl.in will also be valid for www.getssl.in and similarly a certificate issued to www.getssl.in will also be valid for getssl.in
When a SSL certificate is issued to a non-www subdomain it will only be valid for use with that specific subdomain. For example, a certificate issued to tools.getssl.in will only be valid for use with tools.getssl.in
There is one special type of certificate that is valid for a domain and all it’s subdomains and is called a Wildcard SSL certificate. This certificate is useful when you have many subdomains and you don’t want to perform domain validation to get a certificate issued for each one.