Generally, a domain name or URL requires just one certificate to be secure. But what if you need to secure multiple domains? How can you manage their security without sacrificing budget and time?

Securing Multiple Domains

Securing multiple domains can be achieved with 2 approaches, Wildcard certificates and Unified Communications Certificates (UCC), also known as SAN (Subject Alternative Name). SAN lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, while a Wildcard certificate can support a single domain and an unlimited number of first-level subdomains. SAN/UCC can also be combined as an extension with a Wildcard to add functionality to the certificate. You can combine these two certificates as a Multi-domain Wildcard SSL Certificate depending on your needs. This makes managing the security of multiple websites much easier and cheaper than managing a separate SSL certificate for every domain you own.

Read More:Securing Multiple Domains with SAN/UCC Certificates

I just wanted to provide you a overview about both wildcard and SAN certs.

Wildcard:

A wildcard certificate allows for unlimited subdomains to be protected with a single certificate.

For example, you could use a wildcard certificate for the domain name abc.com and that cert would also work for mail.abc.com, ftp.abc.com and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.abc.com.

It does not allow extended validations.

SAN:

A SAN cert allows for multiple domain names to be protected with a single certificate.

For example, you could get a certificate for abc.com, and then add more SAN values to have the same certificate protect abc.org, abc.net and even abc.xyz

It allows extended validations.

Yes, it's certainly technically possible. For instance, the cetrtificate for Microsoft Outlook Web Access (https://outlook.office365.com) was issued to outlook.com, and has a combination of wildcarded and non-wildcarded names in the SAN section:

DNS Name=outlook.com
DNS Name=*.outlook.com
DNS Name=office365.com
DNS Name=*.office365.com
DNS Name=*.live.com
DNS Name=*.internal.outlook.com
DNS Name=*.outlook.office365.com
DNS Name=outlook.office.com
DNS Name=attachment.outlook.office.net
DNS Name=attachment.outlook.officeppe.net

Of course, as pointed out above, this cert was issued by Microsoft themselves, so they can pretty much do what they want.

I assume you use want to use the certificate for HTTP. In this case you need to look at RFC 2818. This RFC clearly defines that common name should only be used if no subject alternative names are configured, but it allows wildcards certificates in the SAN extension. So it should be possible to combine several non-wildcard and wildcard certificates inside the SAN part of the certificate.

It looks like various CAs have different policies about creating certificates mixing wildcard and non-wildcard: While Thawte argues that mixing is not possible (https://community.thawte.com/blog-posts/difference-between-wildcard-ssl-vs-san-certificate) DigiCert propagates it as the best of both worlds (http://www.digicert.com/ssl-support/wildcard-san-names.htm). So it seems to be more a limitation of the CAs and not of the browsers and definitely not of the standard.