Subject Alternative Name (SAN) – SSL Certificate

What is Subject Alternative Name (SAN)?

SAN is an extension field in an SSL certificate that allows multiple domain names or subdomains to be listed on a single certificate. For example, a SAN certificate could secure multiple domains like:

2. How SAN is Used

When a browser connects to a server, it checks the SAN field to see if the domain it’s trying to reach is listed. If the requested domain matches one of the SAN entries, the certificate is validated and trusted.

This feature is especially useful for:

  • Multi-Domain Certificates: Certificates that need to secure several distinct domain names.
  • Wildcard Certificates: Certificates that secure all subdomains of a domain (e.g., *.example.com).
  • Internal and External Domains: Organizations can include both public and internal (e.g., intranet.example.com) names in the SAN field.

3. Why SAN Matters in SSL Certificates

  • Simplifies Certificate Management: SAN certificates allow multiple domains to be secured with one certificate, reducing the need for multiple certificates.
  • Enhanced Security and Compatibility: Modern browsers check the SAN field first to verify the domain. In fact, the Common Name (CN) field, previously used for domain validation, is now considered secondary to SAN in modern SSL implementations.
  • Cost and Efficiency: Using a SAN certificate is often more cost-effective than purchasing individual certificates for each domain, especially for large websites or organizations managing multiple properties.

4. Example of SAN Validation in Action

If a certificate’s SAN field lists www.example.com, shop.example.com, and blog.example.com, a browser connecting to any of these domains will check the SAN field to confirm that the domain is covered by the certificate. If the domain is not listed, the browser will display a warning to the user, even if the Common Name matches.

In Summary

The SAN field is crucial for multi-domain security, and it’s the preferred method for specifying valid domains in SSL certificates. Modern browsers rely heavily on SAN for validating SSL certificates, ensuring a secure and seamless experience across different domains associated with a single certificate.

To create self-signed certificate with SAN, please visit Self-Signed SSL Certificate

SSL

Leave a Reply

Your email address will not be published. Required fields are marked *