Multi-Domain (SAN) SSL Certificates

Multi-Domain certificates, also known as Subject Alternative Name (SAN) certificates or Unified Communications Certificates (UCC), secure multiple distinct domains with a single certificate. Unlike wildcard certificates that cover subdomains of a single domain, SAN certificates can protect completely different domains like example.com, example.net, and differentcompany.com. This flexibility makes them ideal for organizations managing multiple brands or properties.

The Subject Alternative Name extension in X.509 certificates enables this functionality, allowing a single certificate to contain multiple domain names. Modern SAN certificates can include hundreds of domains, though practical limitations and certificate authority policies typically restrict the number to fewer than 100. Each domain listed in the SAN field receives the same level of validation and protection as the primary domain.

SAN certificates excel in complex hosting environments where multiple domains share infrastructure. Managed hosting providers, content delivery networks, and cloud platforms leverage SAN certificates to efficiently secure customer domains. Microsoft Exchange servers traditionally use SAN certificates to secure various services like Outlook Web Access, ActiveSync, and Autodiscover under different hostnames.

Organizations must carefully manage SAN certificates, as adding or removing domains typically requires reissuing the entire certificate. This process can become cumbersome for frequently changing domain lists. Additionally, all domains listed in a SAN certificate are visible to anyone examining the certificate, which may raise privacy concerns for some organizations. Despite these considerations, SAN certificates remain valuable for consolidating certificate management across multiple properties.