You're probably not going to select dress shoes to wear to the gym. In a similar way, the SSL/TLS certificate you select depends on what it's being used for. There are different certificate types developed to satisfy various use cases.
Once you assess your business requirements, you will be able to determine which is the right SSL/TLS certificate or certificate mix to encrypt your web application(s) – or you can ask an expert. For the do-it-yourselfers, here are some common use cases and the type of SSL/TLS certificate recommended for each.
Common Use Cases for SSL/TLS Certificates
HTTPS Connection for a Single Domain
This represents someone with a basic website, landing page, or another web-based project that has only one possible domain via HTTPS (e.g., https://www.example.com and https://example.com).
HTTPS Connection for Multiple Domains
Useful for an organization whose basic website is secured with SSL/TLS and is reachable over HTTPS at multiple domains that deliver the same web content (e.g., https://www.example.com, https://example.com and https://example2.com).
If additional domains, subdomains or SANs are required, a UC Multi-domain Certificate will cover you (e.g., mail.example.com, buy.example2.com, etc.).
Microsoft Exchange, Lync or Skype for Business Server
This use case typically involves encryption at multiple end-points because a unique domain for each service is usually required in desktop client-to-server environments using a Microsoft Exchange server: Webmail/IIS, SMTP, POP, IMAP and UM.
Server to Server
Situations where mutual authentication between two servers is needed and the certificate's Extended Key Usage (EKU) extension must include client authentication (e.g., Exchange TLS between two organizations, where one organization has a server with data that it needs to send to a third party for processing). Here mutual authentication is used without requiring a browser.
HTTPS for a Domain and an Unlimited Number of Its Subdomains
An efficient method that secures a domain and an unlimited number of its subdomains across an unlimited number of servers, which saves time and money.
While a Wildcard certificate enables administrative efficiencies for a domain, it brings security vulnerabilities at the server. Entrust Datacard recommends using best practices, including SSL Server Testing and other safeguards, when deploying Wildcard certificates. Check out our white paper, Private Key Duplication: The Safe Use of Wildcard and Multi-server Certificates.
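To check which hostnames a single-domain, multi-domain or Wildcard certificate actually covers, the added example below (not from the original article or from Entrust) matches hostnames against a certificate's SAN entries, using the standard rule that a wildcard stands for exactly one left-most label. The SAN lists, hostnames and function names are constructed for illustration.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# All SAN lists and hostnames here are constructed sample values.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label (RFC 6125 / RFC 9525 behaviour).
    Public-suffix checks are out of scope for this sketch.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False              # "*" never spans zero or several labels
    if pattern[0] == "*":
        return "*" not in "".join(pattern[1:]) and host[1:] == pattern[1:]
    if "*" in san:
        return False              # partial wildcards such as "w*" are rejected
    return host == pattern

def uncovered(sans, hostnames):
    """Hostnames that no SAN entry of the certificate covers."""
    return [h for h in hostnames
            if not any(san_matches(h, s) for s in sans)]

# Constructed SAN lists mirroring the use cases described above.
SINGLE = ["www.example.com", "example.com"]
MULTI = SINGLE + ["example2.com", "mail.example.com", "buy.example2.com"]
WILDCARD = ["*.example.com"]      # wildcard entry only, no apex entry

# Constructed inventory of hostnames that must serve HTTPS.
HOSTS = ["example.com", "www.example.com", "mail.example.com",
         "a.mail.example.com", "buy.example2.com"]

if __name__ == "__main__":
    for label, sans in (("single", SINGLE), ("multi-domain", MULTI),
                        ("wildcard", WILDCARD)):
        print(f"{label:13} leaves uncovered: {uncovered(sans, HOSTS)}")
```

A certificate whose only SAN entry is `*.example.com` leaves both the apex `example.com` and the deeper name `a.mail.example.com` uncovered, so those names need their own SAN entries.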
HTTP Security for Non-registered Domain Names
A method to secure internal domains and non-fully qualified domain names (non-FQDNs), which aren't registered, as well as reserved IP addresses.
These are some of the most basic use cases for SSL/TLS certificates.