Any Webmaster, Website Administrator or IT Manager will confirm; managing websites and the associated SSL/TLS certificates is far from being an easy task especially as the number of websites to manage continually grows to hundreds or even thousands. The more you need to manage, the higher likelihood of mistakes creeping in. Any oversight or slip may put your company and brand name on the front-page headlines because of a hack, a downturn, or an outage. IT Managers should make carefully considered decisions when it comes to security and functionality.
Obtaining publicly trusted SSL/TLS certificates from a commercial Certificate Authority (CA) can become a costly exercise if not done correctly. There are options to manage and reduce this burden and one that I wish to discuss today is known as Subject Alternative Names (SAN) Licensing.
What Are Subject Alternative Names (SANs)?
A Subject Alternative Name (SAN) is an extension used in a digital certificate, which allows the certificate to secure more than one website. It gives System Administrators the flexibility to go beyond just one site per certificate, which reduces the number of certificates you need to manage.
SANs can come into different forms and shapes depending on the setup. They can be Fully Qualified Domain Names (FQDNs), wildcard domains, IP addresses, or even email addresses when it comes to S/MIME certificates. The purpose is to provide flexibility in securing multiple sites with a single certificate.
To illustrate this with an example (taking globalsign.com as a reference):
globalsign.com
www.globalsign.com
shop.globalsign.com
support.globalsign.com
These are all different (alternative) names, but they’re directed to the same website using different addresses or URLs.
SAN enhances security by simplifying certificate management, mitigating mixed content warnings, improving compatibility, and providing robust protection against various security threats. It offers a flexible and efficient approach to securing multiple domains, subdomains, or IP addresses within a single SSL/TLS certificate.
What Type of Customer Benefits from Using SANs?
As illustrated above, SAN certificates can be used by various customers and organizations that require secure communication for multiple domain names, subdomains, IP addresses, or other identifiers.
Here are some examples of customers who can benefit from SAN certificates:
-
Website Owners and Administrators
-
Multi-Domain Businesses
-
Hosting Providers and Cloud Service Providers
-
IT Departments and System Administrators
And the use cases can include:
-
Limited use servers (trials, promotions, ad-hoc delivery)
-
Many distinctly different FQDNs (not just *.domain.com)
-
Regular updates to their server infrastructure and certificate installments
What Are the Benefits of Using SAN Licensing?
Flexibility
You can support your dynamic server environment by adding and replacing unused FQDNs without incurring additional per certificate cost - basically recycling FQDNs you no longer need without incurring new charges.
Ease of Use
One annual license to manage and negotiate without worrying about exceeding your budget by issuing unexpected, redundant, or short-lived certificates.
How Does GlobalSign’s SAN Licensing Model Work?
With GlobalSign’s SAN licensing, you can obtain a license that permits you to use a specific number of SANs for the SSL/TLS coverage of your domains. These SANs can be filled with different domain names.
For example, if you have a SAN license with three SANs, you can secure up to three different websites under that license.
It gives you the ability to manage various domains or SANs in a dynamic way without having to bother on the required format or structure. You can use them individually for each domain or bundle them in a specific multi-domain certificate. You can use and mix FQDNs, subdomains and IPs in many ways to suit your business needs.
If you’re used to bundling a domain or subdomain in one, two or ten times (in an identical format) you may be interested to know that our SAN Licensing model perceive this one (or multiple) domain as one single SAN – making it quite cost effective in certain cases.
SAN management is dynamic; any expired or cancelled certificate order will automatically be re-added to the quota of SAN allowance.
In Summary
GlobalSign’s SAN licensing provides you and your company the appropriate flexible and cost-effective way to manage your SSL/TLS certificates. It lets you consume your SANs based in the way you want. It's important to note that SAN certificates are widely supported by modern web browsers, servers, and other systems that rely on SSL/TLS encryption for secure communication.
If you’re still not convinced by the uniqueness and flexibility of our SAN Licensing model, let us set up a trial. Get in touch with our sales team to know more.