Knowledgebase Article
Multi-Domain (SAN) SSL Certificates Explained
What a Multi-Domain Certificate Covers
A multi-domain certificate, technically known as a SAN certificate for its use of the Subject Alternative Name field, allows you to secure multiple entirely separate domain names under a single certificate. This differs meaningfully from a wildcard certificate, which covers subdomains of one main domain rather than unrelated domains entirely.
If you have not yet read Wildcard SSL Certificates: When You Need One, it covers the certificate type most often confused with SAN certificates.
How SAN Certificates Work
A SAN certificate lists every domain it covers directly within the certificate itself. This can include entirely different domain names, subdomains, or a mix of both, depending on what you specify when the certificate is issued. Most SAN certificates support a defined number of domains, with the ability to add more up to that limit.
Who Benefits From a SAN Certificate
Businesses managing several distinct domain names, such as regional variations of a brand, multiple related business entities, or a collection of microsites, benefit from consolidating them under one SAN certificate rather than managing a separate certificate for each domain individually. This simplifies renewal, since all covered domains share a single expiration date and renewal process.
Adding or Removing Domains Later
Depending on the specific certificate authority and product, adding a new domain to an existing SAN certificate may be possible without a full reissue, though this varies. In many cases, adding a domain requires the certificate to be reissued to include the updated domain list, which is worth confirming before assuming a domain can simply be added at any time.
SAN vs. Wildcard: Which to Choose
If your situation involves subdomains of one main domain, a wildcard certificate is generally the simpler and more scalable choice, since it automatically covers future subdomains without modification. If your situation involves genuinely separate domain names, a SAN certificate is the appropriate option, since a wildcard certificate cannot cover unrelated domains.
Some certificate products combine both approaches, offering a SAN certificate where one or more of the listed entries is itself a wildcard, covering both multiple domains and their subdomains simultaneously. Ask our team if this combined approach fits your specific situation.
Installing Your Certificate
Once issued, installation follows a similar process to standard certificates, generated specifically to include your full list of covered domains. See Generating a CSR (Certificate Signing Request) for details on preparing your request correctly.