SSL Certificates and Multiple Domain Names

When a browser is determining whether or not to trust your certificate, it checks that the domain name in the address bar matches your SSL certificate. Typically it does this by checking that the certificate’s Common Name (CN), which is specified in the subject field, matches the domain in the address bar. So, for example, if the CN is www.example.com and the domain in the address bar is www.example.com, then everything is fine. However, if several domain names all resolve to the same server IP address (e.g., example.com, www.example.com, example.net), then any domain other than www.example.com will cause a browser error to be displayed. All is not lost, however, because the X.509 standard includes a Subject Alternative Name certificate extension which can be used to protect multiple domains with a single SSL certificate. For example, a single certificate could protect: www.example.com, example.com, example.org and so on, provided that all domains are explicitly listed in the Subject Alternative Name extension.

There is another type of certificate, called a Wildcard Certificate, that lets a single certificate protect all first-level subdomains of an entire domain. For example, a Wildcard Certificate issued to *.example.com would protect: example.com, www.example.com, blog.example.com, etc. The wildcard domain is listed in the certificate’s CN and the Wildcard Certificate does not contain a Subject Alternative Name extension.
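The name check described in the two paragraphs above, as an added example that is not code from this post or from the SSL Checker tool. It assumes the matching rules of RFC 2818 and RFC 6125: Subject Alternative Name DNS entries are used when present, the CN only when there are none, and `*` stands for exactly one left-most label. The function names and sample certificates are constructed for illustration.

```python
"""Hostname-to-certificate name matching (added example, constructed data)."""


def _name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" never spans more than one label
    if p[0] == "*":
        # Assumption: require two fixed labels after "*" (rejects "*.com").
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(hostname, common_name, san_dns_names=()):
    """True if the certificate's names cover hostname.

    SAN DNS entries take precedence; the CN is only a fallback for
    certificates that carry no SAN DNS entries at all.
    """
    candidates = list(san_dns_names) or [common_name]
    return any(_name_matches(name, hostname) for name in candidates)


# Constructed certificates (CN, SAN list) mirroring the post's three cases.
CERTS = {
    "single-name": ("www.example.com", []),
    "multi-domain": ("www.example.com",
                     ["www.example.com", "example.com", "example.org"]),
    "wildcard": ("*.example.com", []),
}
HOSTS = ["www.example.com", "example.com", "example.org",
         "blog.example.com", "a.b.example.com"]


def coverage_table():
    """Map each sample certificate to {hostname: covered?}."""
    return {label: {h: cert_covers(h, cn, sans) for h in HOSTS}
            for label, (cn, sans) in CERTS.items()}


if __name__ == "__main__":
    for label, row in coverage_table().items():
        for host, ok in row.items():
            print(f"{label:12} {host:18} {'match' if ok else 'MISMATCH'}")
```

Under these strict rules the bare domain and deeper subdomains are reported as mismatches for a wildcard name unless they are listed as names of their own, so the table is a quick way to see which hostnames a planned certificate still leaves uncovered.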

Whatever type of certificate you have, you can use our SSL Checker tool to check that the domain name is correctly listed in the certificate. It will also let you view all the domain names within a Subject Alternative Name Certificate.

– Phil

 
