With our Entrust Certificate Services release yesterday, we made significant improvements in the way we offer multi-domain (or multi-SAN) certificates.
Why is this significant to our customers? Back in 2007, with Microsoft adding new features such as AutoDiscovery to Exchange Server, the number of services each server needed to protect with SSL encryption started increasing.
As a result, Exchange Server 2007 outgrew traditional SSL certificates and required a new certificate that supported multiple names. This led to the introduction of Unified Communications (UC) certificates several years ago, which typically had a fixed number of domains (SANs) they could support, based on the number of services anticipated to be used in Unified Communications.
Since then, however, we’ve seen the need for this product dramatically increase. Customers were not only using these certificates for Unified Communications purposes, but for many other uses as well, such as virtual hosting over SSL on a single IP address. For example, if you have a website www.example.com, but it is also known as example.com and www.example.net, then a multi-domain certificate with all domain names listed in the Subject Alternative Name (SAN) field is what you need.
And of course, since UC certificates were organizational validated, and many customers are looking for even stronger security to represent their corporate brand, we’ve seen the demand for multi-domain support increase for Extended Validation (EV) certificates as well. This holds particularly true in the banking sector, where consumers are understandably hypersensitive about verifying with whom they are transacting.
Both certificate types can be purchased online or in a Certificate Management Services (CMS) account. When creating a new certificate, users simply paste their CSR into a field that parses any Domains (SANs) included in the CSR, and are then presented with an option to add additional domains — up to 50 for online single certificate buyers, and up to approximately 150 for CMS customers, provided they have available inventory.
Domains (or SANs) can be either fully qualified domain names (e.g., www.entrust.net) or unique IP addresses (e.g., 220.127.116.11) — in either case the uniqueness of the address is important to ensure maximum security.
If you’re looking for a multi-domain or multi-SAN certificate, visit us at http://www.entrust.net and we’ll be happy to serve your SSL needs.