Certum Trusted SSL Multi-Domain, distributed by Certum – a global certification authority compliant with WebTrust and ETSI standards – offers advanced cryptographic security for multiple domains, subdomains, and services within a single solution. It employs ECC (Elliptic Curve Cryptography) encryption with algorithms based on elliptic curves, delivering higher performance and security with smaller key sizes compared to traditional RSA methods, along with support for SHA-2. The certificate secures data transmission by guaranteeing integrity and confidentiality in line with PCI-DSS, GDPR, and other industry regulations. A key feature is the support for up to 300 Subject Alternative Names (SAN), which enables the protection of extensive infrastructures including: multiple primary domains, subdomains, public IP addresses, internal servers (e.g., intranet), and cloud services.

The Organization Validation (OV) process confirms the legal existence of the entity, its right to the domain, and its operational activity; the verified details (company name, headquarters) are displayed in the certificate information, enhancing credibility with users. The certificate ensures compatibility with 99.9% of browsers, IoT systems, and mobile devices, supports the latest TLS 1.2/1.3 protocols, and incorporates mechanisms such as OCSP stapling (for expedited validation) and HSTS (enforcing HTTPS encryption). The implementation of ECC technology results in optimized server performance while maintaining resilience against quantum attacks, which is crucial for sensitive sectors (finance, e-health). Additionally, the certificate includes a financial guarantee of €400,000 in the event of incidents related to cryptographic errors and offers process automation (e.g., certificate renewal) as well as flexibility in integration with Apache, Nginx, IIS, and cloud platforms (AWS, Azure).

This solution is dedicated to enterprises with complex requirements, including SaaS providers, operators of critical infrastructure, and organizations managing IoT ecosystems. It eliminates the risk of data interception (MITM) by displaying standard trust indicators (lock symbol, HTTPS), and thanks to the scalability of SAN and ECC support, it provides a future-proof security solution for dynamically evolving architectures.

Do you want to secure only one domain? Check out the standard version Certum Trusted SSL for one domain.

• ECC Cryptography (Elliptic Curve Cryptography): Utilizes elliptic curves for data encryption, offering higher performance, lower computational power consumption, and enhanced resistance to quantum attacks compared to traditional RSA algorithms.
• Support for up to 300 SAN (Subject Alternative Names): Secures up to 300 domains, subdomains, and hostnames within a single certificate, optimizing costs and management in distributed environments.
• Financial Guarantee of €400,000: Provides coverage for losses resulting from cryptographic errors or breaches in the certificate’s integrity.
• Organization Validation (OV): Confirms the legal legitimacy of the entity, verifies registration details and domain ownership, with the company name clearly displayed in the certificate.
• Compatibility with 99.9% of devices and browsers: Supports both legacy and modern systems (including IoT), TLS 1.2/1.3, as well as HSTS and OCSP stapling technologies.
• Automated Reissuance and Scalability: Integration with automation (e.g., via ACME) and deployment flexibility for servers (Apache, Nginx, IIS) and cloud platforms (AWS, Azure).
• Protection against MITM (Man-in-the-Middle): Enforces HTTPS encryption, displaying a lock icon and company information in browsers.
• Compliance with WebTrust, ETSI, PCI-DSS, and GDPR: The certificate meets these standards and is auditable for regulated sectors (finance, e-health).
• Server Performance Optimization: Lower CPU load due to ECC keys, which is crucial for high-demand applications and microservices.
• Future-proof for Hybrid Infrastructures: Supports multi-cloud architectures, APIs, DevOps, and edge computing solutions.

Security Seal for the Certum Trusted SSL Multi-Domain certificate is a dynamic, interactive visual element (available in PNG, SVG, or JavaScript format) that can be embedded on a website to confirm the certificate’s validity and authenticity in real time. It displays the verified organization name, the SSL expiration date, and the Certum logo, which increases user trust by instantly verifying the entity’s identity. It integrates with the HSTS protocol (HTTP Strict Transport Security), enforcing HTTPS encryption and blocking attempts to load the page via unsecured connections. The background OCSP stapling mechanism updates the certificate revocation status without burdening the infrastructure, reducing page load time by up to 30% compared to traditional methods. The seal is compatible with AMP (Accelerated Mobile Pages), Single-Page Apps (React, Angular), and CMS platforms (WordPress, Drupal), and its appearance can be customized to match the site’s branding. In the event of a security breach (e.g., certificate expiration or TLS configuration errors), the seal automatically switches to a visual alert, informing users of a potential threat. It is supported by all major browsers, including devices with limited resources, and complies with WCAG 2.1 accessibility requirements for people with disabilities. The seal complements the €400,000 financial guarantee, confirming that the site uses an OV certificate with ECC encryption which is crucial for government institutions and organizations handling sensitive data.

Validation procedure for the Certum Trusted SSL Multi-Domain certificate involves a multi-step verification process for both the applying organization and the control of domains and SAN (Subject Alternative Names). Initially, a CSR (Certificate Signing Request) is generated with a list of all domains and subdomains covered by the certificate, after which Certum initiates the Organization Validation (OV) process. This requires the submission of documents confirming the legal status of the entity (e.g., an excerpt from the National Court Register/REGON, registration documents for companies outside the EU) as well as telephone or email verification of operational activity. Simultaneously, a domain validation is conducted for each domain and subdomain listed in the SAN, which involves confirming the right to manage the domain by choosing one of the following methods: adding a DNS/TXT record, uploading a verification file to the web server, or confirming a link sent to the email address assigned to the domain (e.g., admin@domain.com). The entire process usually takes 1–3 business days, depending on the speed of document submission and the applicant’s response. In the event of an update to the SAN list after the certificate has been issued (e.g., adding a new subdomain), a new DCV validation for the new names is required while maintaining the primary OV validation. The certificate supports automation of this process through integration with the Certum API or the ACME protocol, which accelerates deployment in DevOps environments. All steps are audited in accordance with the WebTrust standard, and the data is processed in compliance with GDPR requirements. Whole verification procedure has been described in our Knowledgebase: Validation and verification for Certum Trusted SSL certificate.

Multi-Domain (SAN) feature in the Certum Trusted SSL Multi-Domain certificate enables the protection of up to 300 unique domain names and subdomains within a single certificate, eliminating the need for separate certificates for each domain. The SAN (Subject Alternative Names) mechanism allows for the dynamic addition, editing, or removal of names during the certificate’s validity period via a centralized administrative panel—an essential capability for hybrid environments (e.g., public cloud combined with on-premise infrastructure) and microservices architectures. Each name listed in the SAN undergoes Organization Validation (OV), which confirms the ownership of the domain or host, while the primary organizational validation—verifying the legal legitimacy of the entity—remains in place. The certificate supports both public domains (e.g., example.com) and subdomains (e.g., subdomain.example.com). Thanks to the integration with ECC (elliptic curve) encryption and TLS 1.2/1.3 protocols, the certificate optimizes performance even when protecting hundreds of domains simultaneously, thereby minimizing server load. The SAN feature is compatible with SNI (Server Name Indication) technology, which enables the hosting of multiple certificates on a single IP address—a critical factor for CDN providers or hosting platforms. In the event of an infrastructure change (e.g., domain migration or the addition of a new subdomain), the SAN can be updated immediately without invalidating or reissuing the certificate. Additionally, the certificate supports deployment automation via API interfaces and integration with ACME tools, which shortens configuration times in CI/CD environments. The business benefits include reduced management costs (one certificate instead of dozens), compliance with auditable standards (PCI-DSS for online shops), and scalability for dynamic organizations that regularly deploy new services or domains. Furthermore, all SAN names are protected by a financial guarantee of €400,000 and by HSTS and OCSP stapling mechanisms that safeguard against downgrade and MITM (Man-in-the-Middle) attacks. The Multi-Domain feature is especially designed for enterprises managing distributed ecosystems (e.g., corporations, fintech, SaaS), where centralization and flexibility are key operational requirements.

Certum Trusted SSL Multi-Domain ensures full compatibility with 99.9% of web browsers, operating systems, and mobile devices, including the latest versions of Chrome, Firefox, Safari, Edge, and Opera, as well as legacy environments (e.g., Internet Explorer 11). It supports the TLS 1.2 and TLS 1.3 protocols, guaranteeing secure connections that comply with current industry standards while maintaining backward compatibility with older devices (e.g., smartphones with Android 5+ and iOS 10+). The certificate is recognized by major trust stores (CA/Browser Forum), eliminating the need for manual installation of root certificates on end-user devices. Thanks to integration with OCSP stapling technology, the verification time for the certificate’s status is reduced, minimizing delays even in environments with limited bandwidth. The HSTS (HTTP Strict Transport Security) mechanism enforces HTTPS encryption, preventing downgrade attacks on browsers and mobile applications. Certum root certificates are pre-installed on major systems: Microsoft Windows (from XP/Server 2003 onward), macOS, Linux, Android, and iOS, ensuring immediate recognition of the certificate without additional configuration. Support for SNI (Server Name Indication) allows for proper operation on servers hosting multiple domains on a single IP address, even in hybrid environments (CDN, public clouds). The certificate is also compatible with the QUIC/HTTP3 protocols and developer tools (Postman, curl), confirming its universality in modern technology stacks. Please check the full list of supported devices and browsers.

Technical support for the Certum Trusted SSL Multi-Domain certificate provides comprehensive assistance at every stage of using the solution—from consulting during deployment planning, through the installation and configuration of the certificate, to ongoing operational support. A team of experts offers dedicated communication channels that enable quick problem reporting and precise guidance on integrating the certificate with various server environments and web applications. The professional technical support is built on years of experience and continuous monitoring of security status, ensuring immediate response to incidents and minimizing the risk of downtime. Clients have access to extensive online documentation, regularly updated guides, and instructions, which further facilitate the independent resolution of minor issues. This support structure guarantees that every inquiry is handled individually and that experts maintain the highest standards of security and reliability, which is crucial for protecting data transmission in a dynamic IT environment.