...
- The experience of recent years shows that server certificates are requested most frequently. If you don't know which certificate you should order, opt for Unified Communications .
- If you are thinking to apply for SSL Plus choose instead a Unified Communications. Similarly avoid EV SSL Plus and go for EV Multi Domain. Both SSL Plus varieties are cheap for people buying individual certs; in the TCS contract use the better varieties that allow Subject Alternative Names and 4096 bit keys.
- For Unified Communications the portal claims it is possible to have 25 Subject Alternative Names. In reality, more than 100 150 SANs have been tested successfully.
- The WildCard Plus variant unfortunately has no free choice Subject Alternative Names. They are limited to one Common Name (* .an.example.nl), but the corresponding non-wild domain (an.example.nl) will be included in the certificate. Digicert might change this in the future, but at the moment there is no date if/when this will happen.
- However, a method exists to combine multiple wildcards in one certificate. First generate two or more WildCard Plus certificates, each containing one wildcard. You really need to make the certificates; ordering the requests is not sufficient. In principle, use the same public/private key pair for the wildcards. Once you have generated the certificates, ask support@digicert.com to merge their order numbers into one new combined certificate. Support puts a new request in your queue; as an admin you will have to approve it. You should be able to also merge Unified Communications into in this game
 Example:
 Certificate 1: CN=*.eefje.surfnet.nl SAN=eefje.surfnet.nl
 Certificate 2: CN=*.joost..surfnet.nl SAN=joost.surfnet.nl
 Merge resultMerged: CN=*.eefje.surfnet.nl SAN=*.eefje.surfnet.nl , SAN=eefje.surfnet.nl , SAN=*.joost..surfnet.nl , SAN=joost.surfnet.nl
- Make moderately use of Extended Validation certificates. Use them for your important public Web sites, but not for server-server connections and choose a policy that does justice to the terms of use .
