I'm not really sure exactly how to ask this, but I'll try my best.

I have two SSL certs, and I'm trying to figure out if I accidentally invalidated one of them.

Cert 1 was just renewed, and issued to www.mydomain.com in the CNAME. This cert included mysub.mydomain.com along with about 10 other subdomains in the SAN field.

Cert 2 was issued last year and expires next year. This cert was issued to mysub.mydomain.com in the CNAME and has nothing in the SAN field besides itself.

Did I just accidentally invalidate Cert 2 by including mysub.mydomain.com in the SAN field on Cert 1?

mituw16

1 Answer

Browsers today no longer look for domain names in the DN, and will only look for them in SAN extensions, so it sounds like Cert 2 is kinda useless anyway.

There is nothing stopping you from having multiple certs for the same domain. For example you may want to get certs from two different CAs, or get a new cert before the old one expired in order to prevent downtime, or you may want to get a different cert (different public key but same SANs list) for each of your loadbalancers so they are not sharing a private key, etc. Issuing Cert 1 should have no effect on the validity of Cert 2.

Mike Ounsworth
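An added example, not part of the answer above: a SAN-only hostname check showing that two certificates can cover the same name independently, while a certificate carrying the name only in its subject CN covers nothing. The dicts mirror the shape returned by Python's `ssl.SSLSocket.getpeercert()`; all certificate contents, the `other.mydomain.com` entry and the function names are constructed for illustration.

```python
# Added example: SAN-only hostname matching over dicts shaped like the
# output of ssl.SSLSocket.getpeercert(). All certificate data is constructed.

def san_dns_names(cert):
    """Return the dNSName entries from subjectAltName; the subject CN is ignored."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' is accepted only as the entire leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs at least two labels after it.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert, host):
    """True if any SAN dNSName in the certificate matches the host."""
    return any(name_matches(n, host) for n in san_dns_names(cert))

def covering_certs(certs, host):
    """Labels of every certificate that covers host; one match never excludes another."""
    return [label for label, cert in certs.items() if cert_covers(cert, host)]

CERTS = {
    # Cert 1 from the question: www in the CN, several names in the SAN.
    "cert1": {"subject": ((("commonName", "www.mydomain.com"),),),
              "subjectAltName": (("DNS", "www.mydomain.com"),
                                 ("DNS", "mysub.mydomain.com"),
                                 ("DNS", "other.mydomain.com"))},
    # Cert 2 as the asker describes it: its own name in the SAN.
    "cert2": {"subject": ((("commonName", "mysub.mydomain.com"),),),
              "subjectAltName": (("DNS", "mysub.mydomain.com"),)},
    # Hypothetical variant with the name only in the CN and no SAN at all.
    "cert2_cn_only": {"subject": ((("commonName", "mysub.mydomain.com"),),)},
}

if __name__ == "__main__":
    for host in ("mysub.mydomain.com", "www.mydomain.com"):
        print(host, "->", covering_certs(CERTS, host))
```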