Multi-Domain (SAN) SSL Certificates

2 min read SSL/TLS & Certificates

Multi-Domain (SAN) SSL Certificates

Multi-Domain certificates, also known as Subject Alternative Name (SAN) certificates or Unified Communications Certificates (UCC), provide the flexibility to secure multiple distinct domains with a single certificate. Unlike wildcard certificates that only work with subdomains of a single domain, SAN certificates can protect completely different domains like example.com, example.net, differentcompany.com, and their various subdomains, all within one certificate.

This versatility makes SAN certificates ideal for organizations managing multiple brands, companies running several distinct web properties, or businesses that need to secure various services across different domains. For example, a company might use a single SAN certificate to secure their main website, customer portal on a different domain, and email server, simplifying certificate management while maintaining security across all properties. Modern SAN certificates can typically secure up to 100-250 domains, though this varies by provider.

The management advantages of SAN certificates become apparent in enterprise environments where certificate sprawl can create significant operational overhead. Instead of tracking renewal dates, managing installations, and maintaining separate certificates for dozens of domains, IT teams can consolidate their certificate infrastructure. This consolidation reduces the risk of accidental expiration, simplifies compliance auditing, and can provide substantial cost savings compared to purchasing individual certificates for each domain.

SAN certificates are available in DV, OV, and EV validation levels, with the validation requirements applying to all domains included in the certificate. This means that for OV and EV SAN certificates, the organization must demonstrate control and ownership of all included domains. Some providers allow you to add or remove domains during the certificate's lifetime, though this typically requires reissuing the certificate. This flexibility helps organizations adapt to changing needs without waiting for renewal periods.