An SSL certificate for your website has become crucial with increasing cybersecurity threats. One of the most significant impacts of a digital certificate for any business is the level of trust it solidifies among customers.
Most organizations look to secure a single domain through a standard certificate. However, there are specific scenarios where you must secure multiple domains with a single certificate known as “SAN or Subject Alternative Name.” There is a type of certificate that allows such businesses to secure multiple domains.
This article will focus on what is a multi-domain/SAN certificate and generating a Certificate Signing Request.
What is a Multi-Domain/SAN Certificate?
SSL certificates allow you to secure communication between a browser and a server. There are many types of certificates for your websites. A wildcard SSL certificate helps you secure multiple subdomains with a single certificate. Multi-domain/SAN certificate allows you to secure multiple domains and subdomains.
This type of certificate can help you reduce the overhead of obtaining separate certificates for each domain. You can use a multi-domain/SAN certificate to secure domains across environments like Microsoft Exchange Server and other servers.
What is the maximum number of SAN allowed in a SSL Certificate?
The maximum number of SANs (Subject Alternative Names) allowed varies based on Certificate Authority (CA) and the type of certificate being issued. However, most CAs offer Multi-Domain/SAN certificates that allow up to 100 or more SANs.
When getting a certificate, checking with the certificate authority (CA) about their pricing and limits is essential. Some CAs may have lower limits or charge extra for each additional SAN added to the certificate. Make sure to ask about their maximum limit and pricing structure.
Knowing what is a multi-domain/SAN certificate is and how many SANs are allowed for an SSL certificate process is crucial. While we know the SAN certificate, and how it reduces the overhead for organizations, how many SANs you may need will depend on many factors, including CA, type of certificate, CSR details, etc.
How To Generate A CSR For A Multi-Domain SSL
CSR is essential to the SSL certification process, as you need to submit it for the issuance of certificates. Here is how you can generate a CSR for a multi-domain SSL certificate.
- To generate a CSR for a multi-domain SSL certificate, first, go to the search of your Windows computer.
- Search for “mmc.”
- Once you open MMC, go to the file option and choose “Add or Remove Snap-in.”
- Choose the User or Computer Certificate snap-in and double on the certificate to open Snap-in.
- For demonstration purposes, we will choose the Compute account.
- Click Next and select Computer account, followed by Local Computer. Since you are going to create a CSR on the same computer, select the local computer and click Finish.
- Select Certificate (Local Computer) and click OK, then select Local Computer snap-in.
- To create a custom request, access your MMC snap-in and right-click the Personal folder. Choose All Tasks > Advanced Operations > Create Custom Request.
- The CSR generation wizard will open; you can click Next and select the option to proceed without enrollment policy.
- Click Next at the PKCS # 10 window and from the Details drop-down menu, click Properties. Enter a friendly name and add the CSR content.
- Access the Subject tab, in the Subject name, choose the types (Common name) from the dropdown list, and add the values required for your CSR.
- Each DNS represents a domain name. Click the Private Key tab and select Key size: 2048.
- Check the option to Make the private key exportable and click OK. Save the CSR file to a location and select Base 64.
- Click Next and browse to select a location to save the CSR file. Enter a name for the file and click Save.
- Click Finish and the CSR file will be present at the location you saved it.
Conclusion
Generating CSR is just the first part of the process and when you submit it to CA, a vetting process begins. After the thorough vetting process certificate is issued through email, which you can download and install on your website for enhanced security.
The steps we discuss to generate a CSR for a multi-domain SSL certificate can vary based on your project requirements. So, choose the one, which ensures better security and integrity for your websites.