SAN certificates offer a convenient and cost-effective solution, securing multiple hostnames or domains with a single certificate. In this guide, we’ll cover everything you need to know about SAN certificates and how to use them.
What is a SAN Certificate?
A certificate is a special SSL/TLS certificate that allows multiple hostnames or domains to be secured under one certificate. The different hostnames are listed as “subject alternative names” in the certificate.
SAN certificates go by names like Unified Communications Certificates (UCC), multi-domain certificates, and Exchange certificates. But they all refer to the same thing: a single certificate protecting multiple names/domains.
The key advantage of a SAN certificate is consolidation. You don’t need separate certificates for each hostname or domain you want to protect. One SAN certificate can secure them all.
Benefits and Use Cases of SAN Certificates
Many benefits make SAN certificates popular for a variety of use cases:
-
Securing multiple hostnames or domains – The obvious benefit! A single SAN cert can secure www, mail, FTP, and any other subdomains needed—no more juggling individual certificates.
-
Using one certificate on multiple servers – SAN certificates can be installed concurrently on as many servers as needed, unlike traditional single-name certificates.
-
Flexibility to change names – You can reissue or replace a SAN certificate anytime to add or remove secured names. Very convenient.
-
Supporting multiple IPs and private keys – SAN certificates support hosting environments with diverse IP addresses across multiple servers.
-
Cost savings – One SAN certificate can cost less than multiple single-name certificates for the same level of coverage.
Some common use cases well suited to SAN certificates:
-
Securing www and non-www versions of a domain
-
Mail servers with multiple domains
-
Load balanced web servers
-
Multiple internal hostnames/IPs
-
Websites undergoing rebranding
Any situation requiring multiple different hostnames or domains to be secured makes a SAN certificate the ideal flexible solution.
Technical Details of SAN Certificates
Now, let’s get into the technical details of how SAN certificates work:
-
SAN certificates can include up to 500 names under one certificate. This consists of the primary Common Name (CN) and Subject Alternative Names.
-
Supported name types include fully qualified domain names (FQDNs) like and mail.domain.com.
-
Wildcard names are also supported, such as *.domain.com. However, multi-level wildcards like *.sub.domain.com are not allowed. For example, *.example.com would match test.example.com but not test.sub.example.com. The wildcard applies only to one subdomain level.
-
The certificate can be used concurrently on as many servers as needed. There are no technical limitations on reuse.
-
The names on a SAN certificate can also be changed through re-issuance. No need to wait for expiration!
A SAN certificate’s public/private key pair secures all included names. However, the certificate can consist of diverse IPs and be installed with multiple private keys across your servers.
Obtaining and Implementing a SAN Certificate
Let’s cover the process of obtaining a SAN certificate and putting it to use:
First, you’ll need to that includes all the hostnames to be secured. This is done through your web server or .
Next, purchase the SAN certificate from a trusted certificate authority like . The CA will validate your identity and issue a trusted certificate containing the Subject Alternative Names provided in the CSR.
Once issued, download and install the SAN certificate on all your web servers, mail servers, load balancers, etc. The certificate secures connections to any of the included hostnames.
Your website visitors, email users, and other clients will seamlessly trust the certificate. Connecting to any hostname in the SAN certificate will validate successfully, and they’ll see the reassuring padlock icon.
Keep the certificate renewed and updated as you add or change host names. A SAN certificate makes this process fast and convenient compared to managing individual certificates.
Conclusion and Recommendations
SAN certificates offer immense flexibility at an affordable cost by consolidating multiple hostnames under a single SSL/TLS certificate.
A is for you if you need to secure multiple domains or subdomains, use the same certificate across multiple servers, or make frequent hostname changes.