SSL Subject Alternative Names

Secure Sockets layer/Transport Security Layer often referred as SSL/TLS is a cryptographic protocol designed to encrypt Hyper Text Transfer Protocol also knows as HTTP. The Newly designed HTTPS protocol has been widely accepted by almost new and old website with a strict necessary for websites that share and do confidential transactions like Banks and Financial Websites, Websites that collect Personally Identifiable Information, even for a normal static page should be request over HTTPS because almost all the modern browsers mark HTTP requests as in secure.

Thanks to EFF and other supporting organizations. A Free Certificate Authority has been created for issuance of Free authentic and secure SSL certificate, The LetsEncrypt project aims to provide Free SSL for an every website making web more secure. LetsEncrypt also issues SSL certificates which can be used with our domain and subdomains of 1 level depth.

Here is an example of letsencrypt certificate in action from GeeksforGeeks

You can see the certificate is shared with 11 subdomains of GeeksforGeeks using Subject Alternative name, the subdomains are

• api.geeksforgeeks.org
• auth.geeksforgeeks.org
• authcdn.geeksforgeeks.org
• cdnwrite.geeksforgeeks.org
• cdnpractice.geeksforgeeks.org
• cdnvideos.geeksforgeeks.org
• media.geeksforgeeks.org
• practice.geeksforgeeks.org
• write.geeksforgeeks.org
• ide.geeksforgeeks.org
• www.geeksforgeeks.org

Subject Alternative Name in SSL certificates: The Subject Alternative Name is an extension to X.509 that allows various values to be associated with a security certificate using a field lets you specify additional host names sites, IP addresses, common names, etc. to be protected by a single SSL Certificate, such as a Multi-Domain (SAN) or Extend Validation Multi-Domain Certificate. In most cases all the subdomains in a wildcard certificate of the hostname mostly protected using this extension.

The most important reason for new webmasters to be aware of this part is because many web hosts, CDN’s, and of course Cloudflare use this technology to issue SSL certificates to their clients which are not only shared by subdomains but also with different domains too. For example a typical SAN for this SSL looks like – 

• example1.com
• example2.com
• *.example3.com
• *.*.example4.com

The main reason for explaining about Subject Alternative Names is that many articles claim that Google will blacklist all the domains if even one of the domain is found doing malicious and unethically activity which is not true. A member of Google clearly stated that they will blacklist only that domain not all, they said it’s better if the Certificate Authority remove that domain and all its corresponding subdomains from the SAN field. Also, some phishing mails can end up in your inbox with higher prices for the Domain Validated and Wildcard Domain validation SSL certificates. It’s better to lookup the sender’s email and verify the prices by googling of the SSL’s issued by the certificate authority.

You can check whom you share your SSL certificate by clicking green lock beside domain in chrome, click on certificate which will open certificate viewer. You can see complete details about the certificate using it. Scroll down till you see Certificate Subject Alternative Name, click on it then you can see which domains and subdomains share the SSL certificate.