Table of contents

Description

Oftentimes you work with different domains or different TLDs. For such cases, there are the certificates with the corresponding Subject Alternative Name (SAN) extension. For these certificates, various Full Qualified Domain Names (FQDN) can be combined into one certificate. Of course, different subdomains are also allowed. Subdomains with a wildcard entry are currently only valid for domain-validated certificates (DV) and company-validated certificates (OV).

Please note that the SAN extension for GeoTrust certificates must be activated directly when ordering the certificate. In order to do this, at least one additional domain must be specified when ordering. It is not possible to activate the SAN extension afterwards. Thereafter, additional domains can be included or removed from the certificate at any time.

With regard to other CAs in our product portfolio, where the certificate offer a SAN function, are these separate products. In these cases, only one domain can be specified when ordering and the domain can be extended afterwards at any time.

The only requirement for the inclusion of different FQDNs is that all registered domains have the same owner. When ordering, the owner is checked for all domains. If a deviation occurs, the certificate is not issued.

Please note that in the case of a certificate with SANs in the certificate details, only the common name, ie the first domain that was registered, is listed. The other contained domains can be found in the certificate details under the subject alternative names section.

After issuing the certificate, new domains can be added or removed from the certificate at any time. This requires a reissue of the certificate. New domains are checked again before the certificate is issued. The certificate must then be exchanged on the server.

Note

The expansion of the included SANs must be made via the corresponding fields in the interfaces. Enter the new domains here to include them in the certificate. It is NOT sufficient to only enter the new SANs within a new CSR and then use this CSR during the reissue.

Example

www.domain.tld
www.domain.tld
shop.example.tld

Benefits of SAN

The big advantage of the certificates with SAN is the low administration effort and the fact that only one IP address per certificate is necessary. This means that only the common name is output with the details and the other domains can only be found in the detailed information section of the certificate, but you should consider exactly when you use this certificate. For example, Microsoft Exchange Server or services that contain more than one domain in the certificate are a perfect candidate for this type of certificate. If you have your company presence under many different TLDs online then this is also a good solution to keep the administration costs low.