The Essential Guide to SAN Certificates

SSL/TLS certificates securely enable HTTPS and other encrypted connections for websites and services. Typically, you need a separate certificate for each hostname or domain you want to protect. This can get expensive for large or complex sites.

SAN certificates offer a convenient and cost-effective solution, securing multiple hostnames or domains with a single certificate. In this guide, we’ll cover everything you need to know about SAN certificates and how to use them.

What is a SAN Certificate?

A Subject Alternative Name (SAN) certificate is a special SSL/TLS certificate that allows multiple hostnames or domains to be secured under one certificate. The different hostnames are listed as “subject alternative names” in the certificate.

SAN certificates go by names like Unified Communications Certificates (UCC), multi-domain certificates, and Exchange certificates. But they all refer to the same thing: a single certificate protecting multiple names/domains.

The key advantage of a SAN certificate is consolidation. You don’t need separate certificates for each hostname or domain you want to protect. One SAN certificate can secure them all.

Benefits and Use Cases of SAN Certificates

Many benefits make SAN certificates popular for a variety of use cases:

  • Securing multiple hostnames or domains – The obvious benefit! A single SAN cert can secure www, mail, FTP, and any other subdomains needed—no more juggling individual certificates.

  • Using one certificate on multiple servers – SAN certificates can be installed concurrently on as many servers as needed, unlike traditional single-name certificates.

  • Flexibility to change names – You can reissue or replace a SAN certificate anytime to add or remove secured names. Very convenient.

  • Supporting multiple IPs and private keys – SAN certificates support hosting environments with diverse IP addresses across multiple servers.

  • Cost savings – One SAN certificate can cost less than multiple single-name certificates for the same level of coverage.

Some common use cases well suited to SAN certificates:

  • Securing www and non-www versions of a domain

  • Mail servers with multiple domains

  • Load balanced web servers

  • Multiple internal hostnames/IPs

  • Websites undergoing rebranding

Any situation requiring multiple different hostnames or domains to be secured makes a SAN certificate the ideal flexible solution.


Technical Details of SAN Certificates

Now, let’s get into the technical details of how SAN certificates work:

  • SAN certificates can include up to 500 names under one certificate. This count includes the primary Common Name (CN) and the Subject Alternative Names.

  • Supported name types include fully qualified domain names (FQDNs) like www.domain.com and mail.domain.com.

  • Wildcard names are also supported, such as *.domain.com. However, multi-level wildcards like *.sub.domain.com are not allowed. For example, *.example.com would match test.example.com but not test.sub.example.com. The wildcard applies only to one subdomain level.

  • The certificate can be used concurrently on as many servers as needed. There are no technical limitations on reuse.

  • The names on a SAN certificate can also be changed through re-issuance. No need to wait for expiration!

A SAN certificate’s public/private key pair secures all included names. However, the certificate can consist of diverse IPs and be installed with multiple private keys across your servers.
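The name rules above can be checked before a certificate is ordered. The following is an added example, not SSL.com tooling: it flags a name list that exceeds the 500-name limit or misplaces a wildcard, and reports which required hostnames the list would leave uncovered. The function names and the example.* hostnames are constructed for illustration.

```python
MAX_NAMES = 500  # per-certificate limit quoted in this guide


def matches(pattern, host):
    """True if one SAN entry covers host; '*' stands for exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    # The wildcard replaces a single label, so everything after it must be identical.
    return bool(head) and rest == p[2:]


def check_san_list(names, required_hosts):
    """Return (problems, uncovered) for a planned certificate name list."""
    problems = []
    if len(names) > MAX_NAMES:
        problems.append(f"{len(names)} names exceed the {MAX_NAMES}-name limit")
    seen = set()
    for name in names:
        key = name.lower().rstrip(".")
        if key in seen:
            problems.append(f"duplicate entry: {name}")
        seen.add(key)
        labels = key.split(".")
        # A wildcard is only valid as the complete leftmost label.
        if "*" in key and (labels[0] != "*" or "*" in ".".join(labels[1:])):
            problems.append(f"wildcard must be the whole leftmost label: {name}")
    uncovered = [h for h in required_hosts
                 if not any(matches(n, h) for n in names)]
    return problems, uncovered


# Constructed sample data (not from a real deployment).
PLANNED = ["example.com", "www.example.com", "*.example.com",
           "mail.example.net", "*.*.example.org"]
REQUIRED = ["example.com", "www.example.com", "test.example.com",
            "test.sub.example.com", "mail.example.net"]

if __name__ == "__main__":
    problems, uncovered = check_san_list(PLANNED, REQUIRED)
    print("problems:", problems)
    print("uncovered hosts:", uncovered)
```

Note that `*.example.com` does not cover the bare `example.com`, so the apex domain has to be listed as its own entry.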

Obtaining and Implementing a SAN Certificate

Let’s cover the process of obtaining a SAN certificate and putting it to use:

First, you’ll need to generate a Certificate Signing Request (CSR) that includes all the hostnames to be secured. This is done through your web server or CSR generator tool.

Next, purchase the SAN certificate from a trusted certificate authority like SSL.com. The CA will validate your identity and issue a trusted certificate containing the Subject Alternative Names provided in the CSR.

Once issued, download and install the SAN certificate on all your web servers, mail servers, load balancers, etc. The certificate secures connections to any of the included hostnames.

Your website visitors, email users, and other clients will seamlessly trust the certificate. Connecting to any hostname in the SAN certificate will validate successfully, and they’ll see the reassuring padlock icon.

Keep the certificate renewed and updated as you add or change host names. A SAN certificate makes this process fast and convenient compared to managing individual certificates.
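The CSR step at the start of this process, as an added example rather than SSL.com's own tooling: it builds a CSR that lists every hostname as a Subject Alternative Name, then parses the CSR back to confirm the names before it is submitted. It assumes the third-party Python `cryptography` package; the function names and example.* hostnames are constructed for illustration.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def build_san_csr(common_name, extra_names):
    """Return (private_key_pem, csr_pem) for a CSR requesting all given hostnames."""
    # Clients validate hostnames against the SAN list, so the CN is repeated there.
    names = [common_name] + [n for n in extra_names if n != common_name]
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
        .add_extension(
            x509.SubjectAlternativeName([x509.DNSName(n) for n in names]),
            critical=False,
        )
        .sign(key, hashes.SHA256())
    )
    # Unencrypted PEM keeps the demo short; protect the real key file at rest.
    key_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    return key_pem, csr.public_bytes(serialization.Encoding.PEM)


def csr_dns_names(csr_pem):
    """Verify the CSR's self-signature and return the DNS names it requests."""
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:
        raise ValueError("CSR signature does not verify")
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
    return san.value.get_values_for_type(x509.DNSName)


if __name__ == "__main__":
    # Constructed hostnames for illustration.
    key_pem, csr_pem = build_san_csr(
        "example.com", ["www.example.com", "mail.example.com", "mail.example.net"]
    )
    print(csr_pem.decode())
    print("requested names:", csr_dns_names(csr_pem))
```

Only the CSR is sent to the CA; the private key stays on the systems that will serve the certificate.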

Conclusion and Recommendations

SAN certificates offer immense flexibility at an affordable cost by consolidating multiple hostnames under a single SSL/TLS certificate.

A SAN certificate is for you if you need to secure multiple domains or subdomains, use the same certificate across multiple servers, or make frequent hostname changes.

Choose a reputable CA like SSL.com to issue your SAN certificate for a stress-free process and the best value. Take advantage of the convenience and simplicity of SAN certificates for your multi-domain needs. One certificate can do it all!
