What is an SSL SAN?

Subject Alternative Names (SAN) is a feature available on select SSL Certificates which allows for multiple domain names to be protected under the one certificate.


Learning Objectives

After reading this article you will be able to:

  • Describe what an SSL SAN is and it's purpose
  • Understand when an SSL SAN shuld be used
  • Pick an SSL Certificate that supports the SAN functionality

Learning Centre

View more resources on cyber security, encryption and the internet.

Understanding the Purpose of a SAN Certificate

A SAN Certificate, also known as a Multi-Domain SSL Certificate, shares the primary purpose of any SSL certificate: to verify a website's identity and establish a secure, encrypted connection between a user's browser and a web server. What makes a SAN SSL Certificate unique is its ability to secure multiple domains and even subdomains with a single SSL certificate, making it a versatile and cost-effective choice for those managing multiple sites.

What is SSL SAN?

SSL SAN stands for Secure Sockets Layer Subject Alternative Name. Essentially, it refers to the capability of an SSL certificate to cover multiple hostnames, such as domains and subdomains. This Subject Alternative Name (SAN) field, embedded within the certificate, enables the protection of multiple fully qualified domain names (FQDNs) under one SAN SSL certificate. This simplifies certificate management and improves security across multiple domains.

How Does a SAN Certificate Work?

A SAN SSL certificate works by listing all the domains and subdomains that need to be secured under a single certificate in the Subject Alternative Name field. This field allows a SAN certificate to cover a range of host names—from primary domain names to non-www versions, subdomains, and even different TLDs (top-level domains).

For example, a SAN certificate can cover:

  • www.domain.com
  • domain.com
  • shop.domain.com
  • www.anotherdomain.net

This means you can use the same SSL certificate to secure multiple domains or subdomains across different TLDs, all from one place. A trusted Certificate Authority (CA) will validate these domains as part of the validation process, confirming that the certificate owner has the right to secure each listed in the SAN field.

Why Use SAN SSL Certificates?

SAN SSL certificates offer several key benefits, especially for organisations or website owners managing multiple sites. Here's why they're a practical option:

  • Secure Multiple Domains and Subdomains: A single SAN SSL certificate can cover several domains, subdomains, and different TLDs. This means you no longer need separate SSL certificates for each domain name, which is especially useful if you're running multiple websites.
  • Simplified Certificate Management: Managing several SSL certificates can be a hassle, requiring frequent renewals and updates. A SAN certificate streamlines this process by allowing you to oversee the security of all domains from one single solution.
  • Cost-Effective Solution: Rather than purchasing multiple certificates for each domain or subdomain, a SAN SSL certificate covers all necessary domains in one go, reducing the overall cost while still providing robust encryption.
  • Flexibility to Add or Remove Domains:A SAN certificate allows you to add or remove domains and subdomains as needed, making it an adaptable security option for changing business needs, such as expanding to new domains or subdomains.

Example of Using a SAN SSL Certificate

Suppose your organisation operates multiple domains like:

  • http://www.domain.com
  • http://domain.com
  • http://shop.domain.com
  • http://support.anotherdomain.org

Typically, these domains are treated as separate DNS namespaces, and without a SAN SSL certificate, you would need to secure each domain with its own separate SSL certificate. However, using a SAN SSL certificate, all these domains—whether different or related—can be covered with one certificate. This significantly reduces costs and simplifies certificate management.

SAN Certificate for Mail Servers and IP Addresses

SAN certificates can also be used for more than just websites. For example, they can secure mail servers like Microsoft Exchange or Office Communications servers and even secure single IP addresses across multiple servers.

Types of SSL Certificates that Leverage SAN

  1. Domain Validation (DV) SAN Certificates: Ideal for those seeking basic encryption across multiple domains, these certificates verify domain ownership quickly.
  2. Organisation Validation (OV) SAN Certificates: In addition to domain ownership, these certificates verify the organisation's legitimacy, offering higher assurance.
  3. Wildcard Certificates with SAN: Wildcard certificates are designed to cover unlimited subdomains under a single domain (e.g., *.domain.com). When combined with SAN, they can securebothmultiple domains and all their first-level subdomains.

How SAN Certificates Differ from Traditional SSL Certificates

A standard single-domain SSL certificate typically protects one domain or its subdomains. For instance, a certificate for domain.com might not automatically secure www.domain.com or shop.domain.com. In contrast, a SAN certificate provides the flexibility to secure multiple domains, subdomains, and even different TLDs.

While Wildcard certificates cover all subdomains under one domain, a SAN SSL certificate allows you to secure different certificates for multiple domains, unrelated DNS namespaces, or even multiple host names with a single solution.

Certificate Management and Lifespan

One key advantage of a SAN SSL certificate is its centralised certificate management. Instead of tracking and renewing multiple certificates across different domains, you manage just one. This consolidated approach makes it easier to monitor your certificate lifespan, ensuring your domains remain secure without hassle.

Conclusion: Is a SAN SSL Certificate Right for You?

Suppose you operate multiple websites, subdomains, or even different top-level domains. In that case, a SAN SSL certificate offers a cost-effective solution and simplified certificate management. SAN certificates reduce administrative overhead and provide flexible security for growing businesses by allowing you to secure multiple domains and subdomains under one certificate.

For those looking to protect their users' data and build trust across a variety of domains, exploring Multi-Domain SSL Certificates or Unified Communications Certificates is a smart step towards improving online security while simplifying the process.