A Unified Communications Certificate (UCC), also known as a Subject Alternative Name (SAN) certificate, is a type of SSL/TLS certificate that secures multiple domain names and subdomains with a single certificate. UCCs are particularly useful for organizations using Microsoft Exchange or Office Communications Server, as well as those managing multiple related domains or subdomains.
Key Features:
- Secures multiple domains with one certificate
- Supports up to 250 SANs (Subject Alternative Names)
- Available as Domain Validated (DV), Organization Validated (OV), or Extended Validation (EV) certificates
- Ideal for Microsoft Exchange and Office Communications Server environments
How UCCs Work
- Multiple Domain Security: UCCs allow you to secure a primary domain and additional SANs under a single certificate.
- Flexible Configuration: You can add, remove, or modify SANs as needed throughout the certificate’s lifetime.
- Cost-Effective: UCCs reduce the need for multiple single-domain certificates, potentially lowering overall SSL/TLS costs.
- Simplified Management: With one certificate covering multiple domains, certificate management becomes more streamlined.
When to Use a UCC
Consider using a UCC when:
- You need to secure multiple domains or subdomains
- You’re running Microsoft Exchange or Office Communications Server
- You want to simplify SSL/TLS certificate management
- You’re looking to reduce costs associated with multiple single-domain certificates
How to Obtain and Install a UCC
Step 1: Determine Your Needs
- List all domains and subdomains you need to secure
- Decide on the validation level (DV, OV, or EV)
- Choose a reputable Certificate Authority (CA)
Step 2: Generate a Certificate Signing Request (CSR)
- Use your web server’s CSR generation tool
- Include your primary domain in the Common Name (CN) field
- List additional domains in the SAN field
Step 3: Submit Your CSR to the CA
- Provide the CSR to your chosen CA
- Complete the validation process (varies by CA and validation level)
- Pay for the certificate
Step 4: Receive and Install the Certificate
- Download the certificate from the CA
- Install the certificate on your web server
- Configure your web server to use the new certificate
Step 5: Test and Verify
- Check that all domains are correctly secured
- Verify that there are no certificate errors in browsers
- Test functionality of all secured services
Best Practices for UCC Management
- Regular Audits: Conduct periodic reviews of your UCC to ensure all necessary domains are included and remove any that are no longer needed.
- Renewal Planning: Set reminders for certificate expiration dates to avoid service interruptions.
- Monitoring: Implement automated monitoring for certificate expiration and potential security issues.
- Documentation: Maintain clear records of all domains covered by your UCC and their purposes.
- Access Control: Limit access to certificate management tools to authorized personnel only.
- Backup: Keep secure backups of your certificate and private key.
- Update Procedures: Establish a clear process for adding or removing domains from your UCC.
Common UCC Issues and Troubleshooting
- Missing SANs: Ensure all required domains are listed in the certificate’s SAN field.
- Solution: Reissue the certificate with the correct SANs.
- Certificate Mismatch: The certificate doesn’t match the domain being accessed.
- Solution: Verify server configuration and ensure the correct certificate is being served.
- Expiration: Certificate has expired or is nearing expiration.
- Solution: Renew the certificate promptly and implement expiration monitoring.
- Compatibility: Some older systems may not support UCCs.
- Solution: Update client software or consider using separate certificates for legacy systems.
- Mixed Content Warnings: Occurs when some resources are loaded over HTTP instead of HTTPS.
- Solution: Update all resource links to use HTTPS.
UCC vs. Wildcard Certificates
While both UCCs and wildcard certificates can secure multiple domains, they serve different purposes:
UCC | Wildcard Certificate |
---|---|
Secures specific domains and subdomains | Secures unlimited subdomains of a single domain |
Allows different top-level domains | Limited to subdomains of a single domain |
More flexible for diverse domain structures | Better for numerous subdomains under one main domain |
Can be more cost-effective for fewer domains | More cost-effective for many subdomains |
Choose based on your specific domain structure and security needs.
Conclusion
Unified Communications Certificates offer a flexible and efficient solution for securing multiple domains under a single certificate. By simplifying management and potentially reducing costs, UCCs are an excellent choice for organizations with diverse domain structures or those using Microsoft communication services. Remember to follow best practices in certificate management to ensure continued security and smooth operations across all your domains.
Additional Resources
- SSL.com UCCs can be ordered for up to five years. UCCs with can be ordered for up to two years.
- gives more detail about how to order an SSL.com UC certificate using .