Skip to main content

What is a SAN (subject alternative name) and how is it used?

Mar

05

2019

Time to read

Read so far

Written by: 

Diana Gruhn

Time to read

Written by: 

What is a SAN_1000x420

We can expect that the term Subject Alternative Name (SAN) will likely not make the list of top 10 annoying office phrases anytime time soon. While we can rest assured that it will remain a technical term limited to the IT field, here's what you need to know to know about SANs to ensure that all of the names that you want secured are covered with the purchase of an SSL/TLS certificates.

A SAN or subject alternative name is a structured way to indicate all of the domain names and IP addresses that are secured by the certificate. Included on the short list of items that are considered a SAN are subdomains and IP addresses.

First, let me show you the anatomy of a basic URL or web address.

When additional actions on a website need to be secured, the SANs need to be included on an SSL/TLS certificate so that the DNS server can resolve the IP address to the domain name. This will give the page the HTTPS indicator that meets browser guidelines and that give visitors confidence to transact on your website.

This is what the SANs would like in the certificate details:

SAN 1: DNS Name=example.com

SAN 2: DNS Name=www.example.com

SAN 3: DNS Name=example.net

SAN 4: DNS Name=mail.example.com

SAN 5: DNS Name=support.example.com

SAN 6: DNS Name=example2.com

SAN 7: IP Address=93.184.216.34

SAN 8: IP Address= 2606:2800:220:1:248:1893:25c8:1946

The SANs information appears in the SSL/TLS certificate details that can be viewed by clicking on the locked padlock in the address bar of most web browsers.

This screen captures how the Subject Alternative Name field displays the various SANs in certificate details

EV Multi-domain or OV SSL/TLS certificates are sometimes used in environments where IT administrators need to frequently add, change, or remove domains.  Having the ability to secure multiple names across different domains on a single certificate provides flexibility, efficiencies and cost savings.

Before you purchase your SSL/TLS certificate, list all of the different domains, sub-domains and IP addresses that need to be secured. Most IT ecosystems use a variety of SSL/TLS certificates. Understanding how many domains and sub-domains need to be secured is an important first step in determining the SSL/TLS certificate mix needed for the project.

When you are ready to purchase, let Entrust's TLS/SSL certificate offerings be your next step towards securing your project.

Additional Resources

How Does SSL/TLS Work?

Other Blog Posts in this Series:

  1. SSL/TLS Certificate Types – Choosing the Right One for Your Use Case
  2. SSL/TLS Verification – Digital Identity for Your Website
  3. What is a CSR and How Do I Get One?
  4. What's the Difference between a Public and Private Trust Certificate?
  5. How to Build an SSL/TLS Certificate | The Five Simple Steps That Bring You to HTTPS

 

diana gruhn
Diana Gruhn
Product Marketing Director, Entrust
Diana Gruhn is a Product Marketing Director at Entrust, the brand that keeps the world moving safely by enabling trusted identities, payments, and digital infrastructure around the globe. She has been working in the high technology industry for 10+ years and is enthusiastic about helping businesses stay secure as well as the people who transact with them.
View all of Diana's Posts