Secure multiple domains and subdomains using one SAN SSL certificate

SAN SSLs (standing for “Subject Alternative Name”) secure multiple domains or subdomains using one SSL certificate. It is also called UCC (Unified Communication Certificate) when used with server environments like Microsoft Exchange and Communications servers. Another name by which these same certificates are universally known is multi-domain certificates. When creating the certificate signing request (CSR), the common name (CNAME) field holds the primary domain you’re attempting to secure and cannot be altered later. However, additional domains and subdomains can be listed on the same SAN certificate and encrypted along with the primary domain.

Benefits of Using a SAN SSL Certificate

If you’re still not convinced whether you should invest in a SAN SSL, perhaps the product specs listed below will help you make the right choice for yourself and your organization. 

• Ease of certificate management: A SAN SSL certificate brings down administrative and deployment costs in addition to easier certificate management. It decreases complexity by using a single certificate to support a host of domains.
• Flexibility: SAN certificates can be used on multiple servers, IP addresses, and domains. It supports the addition or removal of domains and subdomains even after certificate issuance.
• Encryption strength: SAN SSL certificates incorporate the highest standards in SSL technology— 256-bit encryption with a 2048-bit RSA Signature Key
• Compatibility: SAN SSLs are trusted by almost all browsers on desktop and mobile platforms. Additionally, it secures various environments like Microsoft Exchange Servers, mobile device manager, web environments, etc.
• Warranty: Most CAs give an assured warranty to cover any damages in the unlikely event of a problem on the CA’s end. The sum insured depends on the specific certificate you choose and the CA.

How Does A SAN SSL Work?

A SAN SSL certificate is a single certificate that can secure several domains or subdomains at various levels. Additional coverage for up to a fixed number of domains or subdomains can also be obtained at extra cost. However, larger certificates with hundreds of SANs listed might affect page load speeds by a few milliseconds.

To understand how a SAN certificate works, consider the following example:

A businessman plans to launch different websites for all of their businesses and encrypt the communication between the connecting browser and the server. However, they want to deploy a single certificate to save money and for easier management. They submit a CSR and the certificate authority (CA) issues a certificate with the base domain listed as the common name, www.examplesite.com, and lists the domains and subdomains mentioned below as SANs:

• newsite.com
• examplesite.com
• anothersite.org
• mail.example.net

Now, remember that SANs are mentioned on the same certificate and will therefore be visible to all your site visitors if they view the certificate.

Who Should Get a SAN Certificate?

If you’re someone who has multiple websites they need to secure, with different top-level domains (like .com, .org, .net, etc.) and multiple levels of subdomains, SAN SSL certificates are the best choice. They’re not only a cost-effective solution but will also help you save up on time and reduce effort costs.

What Options Are Available in Terms of Validation Levels?

SAN SSL certificates come in all three validation levels – domain validated (DV), organization validated (OV), and extended validation (EV). DV certificates are particularly useful for bloggers, startups, or small businesses that don’t handle sensitive data. OV and EV certificates are enterprise-grade certificates for well-established businesses that deal with sensitive customer data like financial records, personally identifiable information, etc. Note that if SAN certificates are shared between companies, the CA can not issue OV and EV certificates for them.