Subject Alternative Name Certificate (SAN Certificate)

Definition: A SAN (Subject Alternative Name) certificate can secure multiple distinct domain names and subdomains within a single certificate. Unlike wildcard certificates that cover all subdomains of one domain, SAN certificates explicitly list each domain - for example, example.com, www.example.com, and app.example.net on the same certificate.

The Importance of SAN Certificates

SAN certificates are essential when you need to secure multiple different domains (not just subdomains) under one certificate. This is common for businesses that operate multiple brands, run separate domains for different regions, or need to cover both their production and staging domains.

Modern browsers primarily use the SAN field rather than the Common Name (CN) to validate certificates. Even a certificate for a single domain should include it in the SAN field. In practice, all CAs now include the primary domain as a SAN in addition to setting it as the CN.

SAN certificates offer more precise control than wildcards. You can list exactly which domains and subdomains are covered, following the principle of least privilege. This limits the impact if the certificate's key is compromised - only the listed domains are affected, not every possible subdomain.

Checking Your Setup

Use an SSL checker to inspect the Subject Alternative Name field in your certificate. It will list all domains and subdomains the certificate covers. Verify that every domain you intend to serve over HTTPS is listed as a SAN.
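One way to script this check, as an added example that is not from the original page: it compares the hostnames you intend to serve against the DNS entries in the SAN field only, ignoring the CN as browsers do, and also reports listed names that nothing uses. The sample certificate is constructed in the format Python's `ssl.getpeercert()` returns; the hostname inventory, the `*.staging.example.com` and `legacy.example.com` entries, and all function names are assumptions for illustration.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live, validated certificate as the dict ssl.getpeercert() returns."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_dns_names(cert):
    """DNS entries from the SAN extension only; the subject CN is ignored on purpose."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def san_matches(pattern, hostname):
    """Exact match, or a wildcard that is the whole left-most label and spans one label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    head, _, rest = hostname.partition(".")
    return bool(head) and rest == pattern[2:]

def audit(cert, intended):
    """Compare the hostnames you intend to serve with what the certificate lists."""
    sans = san_dns_names(cert)
    covered_by = {h: [s for s in sans if san_matches(s, h)] for h in intended}
    return {
        "missing": [h for h, m in covered_by.items() if not m],
        "unused": [s for s in sans if not any(s in m for m in covered_by.values())],
    }

# Constructed sample in getpeercert() format, built around the glossary's example names.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"),
                       ("DNS", "app.example.net"), ("DNS", "*.staging.example.com"),
                       ("DNS", "legacy.example.com")),
}
INTENDED = ["example.com", "www.example.com", "app.example.net",
            "api.staging.example.com", "shop.example.net"]

if __name__ == "__main__":
    report = audit(SAMPLE_CERT, INTENDED)
    print("not covered by any SAN:", report["missing"])
    print("listed but not in inventory:", report["unused"])
```

To audit a live endpoint instead of the sample, pass `fetch_cert("your-host")` as the first argument to `audit`.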

SAN Certificate FAQ

How many domains can a SAN certificate cover?
The number varies by CA. Let's Encrypt allows up to 100 SANs per certificate. Commercial CAs may allow more or fewer depending on the product. There is no protocol-level limit, but practical limits are set by CA policy.

Is a SAN certificate more expensive than a single-domain certificate?
From Let's Encrypt, all certificates are free regardless of how many SANs they include. From commercial CAs, SAN certificates often cost more per additional domain, though the total is usually less than buying separate certificates.