SAN Certificates

What can Subject Alternative Names do?

Hosting multiple SSL-enabled sites on a single server typically requires a unique IP address per site, but a certificate with Subject Alternative Names can solve this problem. Microsoft IIS 6 and 7 and Apache are all able to virtual-host HTTPS sites using a Unified Communications SSL certificate, also known as a SAN certificate.

Features

  • Can contain different FQDNs (Fully Qualified Domain Names) or the same top-level domain with different hosts.
  • Can have up to 1 main domain and 4 additional domains within the certificate.
  • Example 1: host1.domain.com and host2.domain.com
  • Example 2: www.domain.com and www.abc.com.
  • Can be deployed across multiple servers when purchasing licenses.
  • Suited to instances where there is a need to secure multiple domains that resolve to a single IP address (such as in a shared hosting environment).

Using a SAN certificate saves the hassle and time involved in configuring multiple IP addresses on an Exchange 2007 server.

How do browsers use the Subject Alternative Name field in an SSL certificate?

When browsers connect to a server using HTTPS, they check that the SSL certificate matches the domain name in the address bar.

There are three ways for browsers to find a match:

  • The domain name (in the address bar) exactly matches the Common Name in the certificate’s Subject.
  • The domain name matches a wildcard common name. For example, www.example.com matches the common name *.example.com.
  • The domain name is listed in the Subject Alternative Name field.

Comparing the name of the server it connects to with the Common Name in the server certificate is a common way browsers match the domain name typed in the address bar.

It is safe to assume that all SSL clients support exact common name matching.

If an SSL certificate has a Subject Alternative Name (SAN) field, then SSL clients are supposed to ignore the common name value and seek a match in the SAN list.
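The matching order described above, written out as a small Python check. This is an added example, not code from the original page or from any browser. The function names and sample values are hypothetical, and it assumes a wildcard covers exactly one left-most label and may also appear in a SAN entry.

```python
# Added example: certificate fields are modelled as plain values
# (constructed sample data), not parsed from a real X.509 certificate.

def _name_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    # "*.example.com" matches "www.example.com" but not "example.com"
    # or "a.b.example.com": the wildcard stands for one label only (assumption).
    first, _, rest = hostname.partition(".")
    return bool(first) and rest == pattern[2:]


def certificate_matches(hostname, common_name, san_dns_names):
    """Return (matched, reason) following the precedence described above."""
    if san_dns_names:
        # A SAN list is present: the Common Name is ignored entirely.
        for entry in san_dns_names:
            if _name_matches(entry, hostname):
                return True, f"SAN entry {entry}"
        return False, "SAN list present, no entry matches (CN ignored)"
    if common_name and _name_matches(common_name, hostname):
        return True, f"Common Name {common_name}"
    return False, "no SAN list and Common Name does not match"


# Constructed sample: the CN names one site, the SAN list names others.
SAMPLE_CN = "www.example.com"
SAMPLE_SANS = ["www.example2.com", "mail.example.net", "*.example3.net"]

if __name__ == "__main__":
    for host in ["www.example2.com", "dev.example3.net", "www.example.com"]:
        print(host, certificate_matches(host, SAMPLE_CN, SAMPLE_SANS))
    # Same CN with no SAN list: the client falls back to the Common Name.
    print(certificate_matches("www.example.com", SAMPLE_CN, []))
```

In the sample, www.example.com is rejected even though it is the Common Name, because the SAN list is present and does not include it. When requesting a SAN certificate, list the main domain in the SAN field as well.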

Features

The SAN attribute is available with all Verisign certificates


WHAT IS A MULTI-DOMAIN CERTIFICATE?

Multi-Domain Certificates, also called SAN certificates, offer boundless flexibility and complete control over the Subject Alternative Name field. And now, any DigiCert certificate can be configured to allow multi-domain. These certificates are ideal for securing many names across different domains and subdomains. You also have the option to add, change, and delete SANs on the fly to reflect the evolving needs of your network. Here’s how it works:

With any DigiCert certificate, you could secure the following domains:

www.example.com
www.example2.com
www.example3.net
mail.example.net
dev.example2.net

The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single TLS/SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate.

Multi-Domain SSL supported products

  • Basic OV
  • Secure Site
  • Secure Site Pro