A SAN certificate is an SSL/TLS certificate which hosts multiple domains and subdomains on the single certificate. It is often called a Multi Domain certificate. They are used for a number of reasons; from server limitations to sheer convenience.
What is a SAN?
To better understand what a SAN SSL/TLS certificate is, we will need to understand what a SAN is.
SAN stands for Subjective Alternative Name, a fancy way of saying any domain that isn’t the common name. A domain is a website address. An example is “trustico.com”; this will point you to Trustico’s website without needing to type in its IP address. To create a website, you will need to purchase a domain and whenever a customer needs to access your site, they will use your domain name to do so.
A subdomain is simply a website that is owned by a domain but is separate to the website itself. Subdomains are utilized for a wide range of purposes and see a lot of use by, for instance, e-commerce businesses. An example of a subdomain is “secure.trustico.com”. A subdomain is created by using a dot “.” before the domain with a set of words (in our example “secure”). A subdomain can be an entirely different website to the root domain website, a common example being a blog site such as blog.trustico.com. You’ll notice that blog.trustico.com is completely different to www.trustico.com.
SAN certificates can secure domains and subdomains, as well as Wildcard domains. For more information on Wildcard domains, read this article:
blog.trustico.com/resources/resource-articles/understanding-wildcard-ssl-certificates.php
The above images display the examples of a subdomain along with the domain itself. Subdomains can be many levels deep as explained further in this article.
What is a SAN certificate?
SAN certificates are designed to secure a large number of domains and subdomains on the single SSL/TLS certificate. Some SAN certificates, such as the Comodo SSL + Multi Domain, allow for a common name, while on others there is no specified common name and the certificate is simply issued to all the SANs. Specifying a common name is generally only necessary for some exchange type servers which can only function with SSL/TLS certificates which list a common name. Additionally, only some SAN certificates support Wildcard SANs.
What can the certificate secure?
Any domain and subdomain belonging to any root domain and TLD, such as:
- example.com.au
- www.example.com
- random.com
- test.etc.dev
It is worth noting that on SAN certificates, unlike on most single site certificates, specifying a root domain name will not automatically secure its ‘www.’ counterpart, and vice versa. A www. domain is a subdomain of the root; it is generally included in a single site certificate as a convenience to the customer due to the commonness of utilizing both domains. Make sure to check that you’ve specified the www. counterpart of your root domains on a SAN certificate, if needed.
What do I need to include in the CSR?
When creating a CSR for a SAN certificate, you have two options. You can either generate the CSR with only the common name and then specify SANs during the order process of your SAN certificate; or generate the CSR with the common name and your desired SANs. Note though that some ordering systems will only recognize the common name in the CSR and require you enter the SANs manually, while others will recognize the common name and all of the SANs included in the CSR and automatically populate them into the order.
The exact procedure on how to generate a CSR differs from server to server. Online instructions on how to generate a CSR for most major server types can be easily found with a simple internet search. If you cannot find instructions for your server, we suggest referring to your server manual. Trustico also offers a CSR generation tool, though we don’t recommend you use it in a production environment as it is intended for testing purposes. You can view it at tools.trustico.com
I need to install my SAN certificate across multiple servers
All SAN certificates purchased through Trustico come with an unlimited number of server licenses.
What does this mean?
This means that you can install your SSL/TLS certificate on an unlimited number of physical servers at the same time with no disruption to any other installations. Need to install your SSL/TLS certificate across 10 different servers? No problem, a Trustico SSL certificate can do just that.
What are the benefits and advantages of a SAN certificate?
- Time Saved: SAN certificates are huge time savers. If you have 15 domains you need secured, that’s 15 orders you have to place, 15 times you need to complete validation, and 15 times you need to install an SSL certificate. With a SAN certificate, you can reduce all of that to a once off. When the SSL certificate is up for renewal, you only need to renew the single SAN certificate.
- Compatibility: Where Wildcard SSL/TLS certificates can sometimes have issues securing domains on mobile devices and exchange servers due to not specifically designating each domain, a SAN certificate does not experience such issues. Furthermore, servers which host many domains but only support a single SSL/TLS certificate require either a SAN or Wildcard certificate; often specifically a SAN certificate.
How do I install a SAN certificate?
There is no difference between installing a SAN certificate or a single site SSL/TLS certificate on a server, though it does require that you bind the certificate to each individual SAN once installed.
It is highly recommended that you consult your server manual for the correct way to install an SSL certificate. Reviewing the instructions should be done before installation to make sure that you are installing the SSL Certificate correctly the first time.
Trustico provides installation instructions for most major
server types, which can be viewed on the link below:
www.trustico.com/install/how-to-install-ssl-certificate.php
What SAN certificates do you offer?
Trustico offers several highly trusted SAN certificates from the most trusted brands of SSL certificate providers.
- Sectigo SSL + UCC
- Positive SSL + Multi Domain
- PremiumSSL Multi Domain
- Sectigo EV SSL + Multi Domain
- Trustico Multi Domain
- Trustico EV + Multi Domain
What is the difference between them all?
The SAN certificates are issued by brand as follows:
- Sectigo (formerly Comodo CA) – Sectigo SSL + UCC, Positive SSL + Multi Domain, PremiumSSL Multi Domain, Sectigo EV SSL + Multi Domain
- Trustico – Trustico Multi Domain, Trustico EV + Multi Domain
The major difference between these SAN certificates are that they are broken down into three categories. Domain Validated (DV), Organisation Validated (OV) and Extended Validation (EV).
Domain Validated (DV)
The following products are Domain Validated SAN certificates:
- Sectigo SSL + UCC
- Positive SSL + Multi Domain
- Trustico Multi Domain
DV SSL certificates can be issued within minutes, the only requirement is completion of domain control validation.
It is worth noting that these certificates are only validated for your domain name, meaning that only your domain name will be included in the SSL Certificate. There will be no identifying company information in the certificate whatsoever.
DV SSL Certificate Recommendations
DV SAN certificates are perfect for the start-up business with low level
transactions and visitors to their website, and for internal use where company
information in the certificate is not necessary.
Organization Validated (OV)
The following products are Organization Validated SAN certificates:
- PremiumSSL Multi Domain
OV SSL certificates provide a high standard of trust. As mentioned previously, the DV certificates only require domain control validation. OV SSL certificates are issued to your domain name and company. This means that your company details will be listed in the certificate and the site seal issued with the SSL certificate.
This adds a critical level of trust to your customers and website. It shows that not only is your website and domain name safe to purchase from, but also that your company is legitimate, trustworthy, registered within your country and ready for business.
OV SSL Certificate Recommendations
Everyone using a SAN certificate on a public facing website or e-commerce
website should purchase at least an OV level SSL certificate. It is becoming
increasingly important to instil the trust of not only your domain name and
website, but company too, in potential customers.
Extended Validation (EV)
The following products are Extended Validation SAN certificates:
- Sectigo EV SSL + Multi Domain
- Trustico EV + Multi Domain
EV SSL/TLS certificates provide the highest standard of trust. EV SSL/TLS certificates are unique in that they offer a positive sign of their implementation on a website – the highly recognizable green address bar containing the business/organization name of the website.
This adds instantly recognizable trust to your domains. It screams ‘I’m ready for business’ as your organization has been thoroughly vetted to the highest standards of trust and legitimacy. For more information on the benefits of EV SSL/TLS certificates, read this article:
blog.trustico.com/cyber-security/secure-with-ev.php
Mitchell has a Bachelor of Arts with Majors in Journalism and Foreign Relations; and a Diploma of Digital Design.