TLS certificates and Subject Alternative Names
What is a Subject Alternative Name (SAN)?
It's a way to expand the security that the certificate offers to more than one domain. In Sectigo's terms: "The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate."
How can I use a SAN?
According to Sectigo, you can do the following:
- Secure Host Names on Different Base Domains in One SSL Certificate
- Virtual Host Multiple SSL Sites on a Single IP Address
- Greatly Simplify Your Server's SSL Configuration
How will I know if the CSR has the SANs needed for my case?
You will know by decoding the CSR. Decode the current CSR using this tool https://secure.sectigo.com/utilities/decodeCSR.html. Make sure to check these options:
- Show Key Size
- Show SANs DNS Names
- Show CSR Signature Algorithm
Pay attention to the field dnsNames. Your subject alternative names appear on that field. They should be fully constructed FQDNs. That is how you know if your CSR has the necessary domains for your case. You can have more than one SAN and each one is separated by commas.
Links:
https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFKm