Is it ok to specify subdomains in certificates that support SAN.
For example base domain is example.com and I want a.example.com, b.example.com, and c.example.com to be included? What is the primary purpose of SANs?
Asked
Active
Viewed 260 times
1
Mike Ounsworth
- 57,707
- 21
- 150
- 207
user3448600
- 259
- 1
- 2
- 7
1 Answers
6
The purpose of SAN is to specify all host names for which a certificate can be used. This also includes any subdomains a certificate should be valid for, i.e. a certificate for example.com will not be automatically valid for foo.example.com but this subdomain must be explicitly specified as valid. Entries can also be wildcards. A proper implementation will no longer look at the common name at all if DNS names are given in the SAN section.
Steffen Ullrich
- 184,332
- 29
- 363
- 424