Find out the different scenarios when to add Subject Alternative Names (SANs) to your certificates.
Subject Alternative Names (SANs) enable you to secure multiple host names with one SSL certificate.
The SAN extension has been included in the X509 certificate standard for more than 10 years, but became widely used after the launch of Microsoft Exchange Server 2007, which uses SANs to simplify server configuration.
There are several situations where you may want to add SANs to your certificate:
- You can use one SSL certificate to secure host names on different base domains. A wildcard certificate like *.yourcompany.com can protect all first-level subdomains on one domain, but a wildcard cannot protect both www.yourcompany.com and www.yourcompany.net.
- Hosting multiple SSL-enabled sites on a single server typically requires a separate IP address for each site, but a certificate with SANs can solve this problem. Microsoft IIS 6 and Apache are both able to Virtual Host HTTPS sites using Unified Communications SSL, also known as SAN certificates.
- SAN certificates simplify your Exchange Server 2007 SSL configuration. If you use a SAN certificate, you do not need to configure multiple IP addresses on your Exchange 2007 server.