Subject Alternative Name SSL keys

Well I learned something new today about Subject Alternative Name SSL certificates. Don’t know what a SAN certificate is?
A Subject Alternative Name SSL certificate is similar to a wild card certifiate in that you can secure multiple domains with only one ip and one certificate. So a wild card certificate domain looks like *.domainname.com. That will cover anything under that primary domain.
A Subject Alternative Name certificate does the same concept but it alls you to specify the URL and the primary doman can be different. An example of this is
bob.domainname.com
Sue.domainname.net
Bill.domainname.org
Domainname.com

Three primary domains all with different secondary domains all on the same certificate and the primary domain alone as well. All those can be put on a SAN certificate. Max names I have found allowed was 20 URL’s per certificate from verisign and their managed pki services.

Here is where it gets odd.
If you read thru most of the documentation you can google, all of it references only using SAN certs for exchange server or internally for live communication server etc.

The trickto getting the certificate to be created and work in iis is to just generate a CSR for one of the sites then when you are requesting your key you add in the additional Subject Alternative Names and presto chango! Your certificate covers all those url’s.

I hope I helped a bit to explain how you can use Subject Alternative Name certificates in your webservers.

Later

Chris
Head Geek and Host
GeekTechLive

Comments are closed.