Subject Alternative Names

Some certiicates offer Subject Alternative Name or SAN certificates – they allow for more than one fully qualified domain name to be protected using a single certificate.

To the right is the certificate information for a GeoTrust EV certificate with the SAN option. In this case, a single certificate for geotrust.com also protects geotrust.net.

We’ve received a few queries about SAN certificates and how they differ from wildcard certs. With that in mind, I’ve put together a quick reference guide here.

Let’s start with a basic look at both wildcard and SAN certs.

  • Wildcard: a wildcard certificate allows for unlimited subdomains to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name opensrs.com and that cert would also work for mail.opensrs.com, ftp.opensrs.com and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.opensrs.com.
  • SAN: a SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for opensrs.com, and then add more SAN values to have the same certificate protect opensrs.org, opensrs.net and even tucows.com.

Some important things to note:

Depending on the specific brand and certificate product, the SAN cert will include either one or four additional domains at the price quoted on our chart. Additional SAN values can usually be added up to a maximum number of either 5 or 25 total domains (including the base domain).

In most cases, the SAN values can be changed at anytime during the life of the certificate – you’d just need to change the value, and then do a free re-issue.

When to choose a wildcard, and when to choose a SAN:

Wildcard certs are great for protecting multiple subdomains on a single domain. In many cases, the wildcard cert makes more sense than a SAN because it allows for unlimited subdomains and you don’t need to define them at the time of purchase. You could provision *.softwareguru.com and in at anytime during the life of the certificate, you decided to add www3.softwareguru.com or mail.softwareguru.com, that cert would just work, no reissue required.

If, on the other hand, you need to protect multiple domain names, then the SAN certificate might be the right choice. Protecting alternative domains with the same website (softwareguru.com and softwareguru.net) is a great example. One caveat – you need to define the additional domains and add them to the certificate for it to work.

SAN certificates, like wildcard certs, are a great way to save some money and also to make administration a bit easier as you can reduce the number of certificates provisioned since they cover multiple domains.

One last note – the unique QuickSSL Premium with SAN:

We also sell a bit of a hybrid product – the GeoTrust QuickSSL Premium with SAN. This cert is a bit different than the rest of our SAN products. It allows for the protection of four subdomains in addition to the base domain. That makes it more like a restricted wildcard certificate than a true SAN. You also have to add the subdomains at the time of purchase, and they can’t be altered once the cert is provisioned.

Notes on number of SANs

  • Quick SSL Premium SAN—4 (subdomains only)
  • TrueBusiness ID SAN—4 to 24
  • TrueBusiness ID EV SAN—4 to 24
  • Secure Site EV SAN—1 to 24
  • Secure Site Pro EV SAN—1 to 24
  • Secure Site Pro SAN—1 to 24
  • Secure Site SAN—1 to 24
  • SGC Super Certs SAN—1 to 4
  • SSL WebServer EV SAN—1 to 4
  • SSL WebServer Certificates with SAN—1 to 4

 

Other names for SANs

At other registrars they may list SANs as Multiple-Domain Certificates or Multi-Domain Certificates, meaning that you can have multiple domain names listed on the certificate.  Which is exactly what a SAN is.

  • 0 Users Found This Useful
Was this answer helpful?