We can expect that the term Subject Alternative Name (SAN) will likely not make the list of top 10 annoying office phrases anytime time soon. While we can rest assured that it will remain a technical term limited to the IT field, here’s what you need to know to know about SANs to ensure that all of the names that you want secured are covered with the purchase of an SSL/TLS certificates.
A SAN or subject alternative name is a structured way to indicate all of the domain names and IP addresses that are secured by the certificate. Included on the short list of items that are considered a SAN are subdomains and IP addresses.
First, let me show you the anatomy of a basic URL or web address.
When additional actions on a website need to be secured, the SANs need to be included on an SSL/TLS certificate so that the DNS server can resolve the IP address to the domain name. This will give the page the HTTPS indicator that meets browser guidelines and that give visitors confidence to transact on your website.
This is what the SANs would like in the certificate details:
SAN 1: DNS Name=example.com
SAN 2: DNS Name=www.example.com
SAN 3: DNS Name=example.net
SAN 4: DNS Name=mail.example.com
SAN 5: DNS Name=support.example.com
SAN 6: DNS Name=example2.com
SAN 7: IP Address=22.214.171.124
SAN 8: IP Address= 2606:2800:220:1:248:1893:25c8:1946
The SANs information appears in the SSL/TLS certificate details that can be viewed by clicking on the locked padlock in the address bar of most web browsers.
This screen captures how the Subject Alternative Name field displays the various SANs in certificate details
EV Multi-domain or UC SSL/TLS certificates are sometimes used in environments where IT administrators need to frequently add, change, or remove domains. Having the ability to secure multiple names across different domains on a single certificate provides flexibility, efficiencies and cost savings.
Before you purchase your SSL/TLS certificate, list all of the different domains, sub-domains and IP addresses that need to be secured. Most IT ecosystems use a variety of SSL/TLS certificates. Understanding how many domains and sub-domains need to be secured is an important first step in determining the SSL/TLS certificate mix needed for the project.
7-Part Blog Series
- SSL/TLS 101 – Why Do I Need an SSL/TLS Certificate
- SSL/TLS Certificate Types – Choosing the Right One for Your Use Case
- SSL/TLS Verification – Digital Identity for Your Website
- What is a SAN (Subject Alternative Name) and how is it Used?
- What is a CSR and How Do I Get One?
- What’s the Difference between a Public and Private Trust Certificate?
- How to Build an SSL/TLS Certificate | The Five Simple Steps That Bring You to HTTPS
How Does SSL/TLS Work?