A SAN (Subject Alternative Name) certificate is a type of SSL certificate that allows multiple domain names to be secured under a single certificate — not to be confused with a wildcard SSL certificate that covers all subdomains for a single domain.
Instead of having separate certificates for each domain, a SAN certificate can cover all of them, providing convenience and allowing your SSL certificate cost to be significantly lower. Although SAN certificates are not a go-to solution yet, some hosting and control panel providers offer this option: e.g. SAN SSL certificates by ispmanager.
If you do not need a SAN certificate yet, consider starting with a Let’s Encrypt free SSL certificate, which can also be provided by ispmanager.
What is SSL/TLS Certificate
Before diving into SAN certificates, let’s refresh on what SSL/TLS certificates are and why they are essential for the modern internet. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that encrypt data between a client (e.g. a web browser) and a server. Encryption protects sensitive information, such as personal data or financial transactions, from unauthorized access.
SSL/TLS certificates are used to verify a server’s identity and establish a secure connection. When a user visits a website with HTTPS (HTTP Secure), the browser checks the SSL/TLS certificate installed on the server to ensure that the website is legitimate. This certificate contains information about the website’s owner, the certification center (or certification authority, CA) that issued the certificate, and the encryption keys used for secure communication.
There are different types of SSL/TLS certificates available, each offering varying levels of validation and security features:
- Domain Validated (DV) Certificates. DV certificates only verify the ownership of the domain name and provide a basic level of validation. They are typically issued by the website’s owner and used for personal websites or blogs.
- Organization Validated (OV) Certificates. In addition to domain validation, OV certificates also verify the organization behind the website. They provide a higher level of website’s security and are commonly used by businesses on the web.
- Extended Validation (EV) Certificates. EV certificates offer the highest level of validation. They require a thorough verification process, including manual verification of documents and contact information. EV certificates are used by websites that handle sensitive information and online transactions.
SAN/UCC Certificates
SAN (Subject Alternative Name) certificates, also known as UCC (Unified Communications Certificate) certificates allow multiple domain names to be secured under a single certificate.
SAN certificates work by including multiple domain names in the Subject Alternative Name field of the certificate. This field allows the certificate to be valid for all listed domains, eliminating the need for separate certificates. For example, a SAN certificate can secure domains such as www.example.com, mail.example.com, and shop.example.com, all under one certificate.
The ability to secure multiple domain names makes SAN certificates an ideal choice for organizations or individuals with multiple websites or subdomains. They also provide a number of unique benefits.
One of the benefits is certificate flexibility. They can be reissued to change domains at any time without extra fees. If you decide to change your domain name or add new domains to your website, you can simply reissue your certificate and reassign SANs to the new domains.
Additionally, SAN certificates can secure up to 500 entries, and the first couple of non-wildcard entries are often included in the initial SSL certificate price. This allows organizations to secure a large number of domains under a single certificate, further reducing costs and making it easier to manage certificates.
Lastly, SAN certificates can be used on unlimited IP addresses with multiple, concurrent private keys. This is particularly beneficial for hosting providers or organizations with virtual hosts, as it allows them to secure multiple IP addresses and private keys without the need for separate certificates.
SAN vs Wildcard Certificates
SAN SSL certificates may resemble Wildcard certificates in the way they apply for multiple domains and subdomains. The main difference between SAN and Wildcard lies in the scope of domains they can secure.
SAN certificates are designed to secure multiple specific domain names under a single certificate. Each domain name is listed in the Subject Alternative Name field of the certificate, allowing it to be valid for all listed domains.
Wildcard certificates secure a single domain and all its subdomains. They use a wildcard character (*) in the domain name field, which effectively means “any subdomain of this selected domain”. A Wildcard certificate for *.example.com would be valid for www.example.com, mail.example.com, shop.example.com, etc.
When To Use SAN Certificate
SAN certificates are particularly useful for:
- Securing Multiple Domains Under a Single Certificate. If you have multiple domains and/or subdomains that need to be secured, going for a SAN certificate will likely be a cost-efficient solution.
- Secure Communication for Unified Communications (UC) Platforms. UC platforms integrate various communication tools such as email, instant messaging, and video conferencing, that often require secure connections. SAN certificates can secure the different domains associated with these platforms, ensuring that communication remains encrySpted and protected.
- Load Balancing and High Availability Setups. When a request routing load balancer is used to manage traffic, a single SAN certificate will help to cover multiple virtual hostnames. All of them will have the same valid and trusted certificate, allowing for seamless and secure request routing without the need to issue extra certificates.
Choosing the Right SAN Certificate Provider
When selecting a SAN certificate provider, there are several factors to consider:
- Validation Levels. Different providers offer varying levels of validation for their SAN certificates. Consider the level of trust and security required for your website and choose a provider accordingly.
- Reputation and Trustworthiness. Look for SAN certificate providers that are well-established and trusted in the industry. Check for reviews and feedback from other customers to ensure the provider has a good reputation.
- Pricing and Support Option. Compare the pricing and support options offered by different providers. Consider factors such as the cost of additional entries, renewal fees, and the availability of customer support.
- Ease of Integration. If you are using a cloud hosting or/and Linux control panel, there is a chance your provider offers SAN certificates from a trusted provider. Acquiring certificates through the control panel (or hosting) provider will make it easier to manage and renew them.
Summary
SAN (UCC) certificates are a type of SSL/TLS certificate that allows for securing multiple domain names. They offer convenience, cost savings, and flexibility for organizations with multiple servers (app instances), domains, and subdomains.
When choosing a SAN certificate provider, it is important to consider factors such as the validation levels offered, the reputation and trustworthiness of the provider, pricing, and of integration with your hosting or control panel — for example, ispmanager offers Sectigo’s trusted SPN certificate.
When choosing a SAN certificate provider, consider factors such as validation levels, reputation, pricing, and support options.
Disclosure: If we like a product or service, we might refer them to our readers via an affiliate link, which means we may receive a referral commission from the sale if you buy the product that we recommended, read more about that in our affiliate disclosure.
Read More: World News | Entertainment News | Celeb News
Tech Follows
