Adding SANs to Wildcard SSL Certificates
Wildcard certificates help server administrators save hundreds or even thousands of dollars on SSL Certificates by enabling them to install the same certificate to multiple websites and/or on multiple servers at no additional cost.
In addition, when using our wildcard certificates in conjunction with Subject Alternative Names (SANs), you can save even more money and expand certificate functionality.
In our wildcard certificates we automatically include your domain name without any subdomain as a SAN (for example, domain.com). We also allow you to define your own SANs at no extra cost, as long as the SAN is a subdomain of your existing domain.
How Do Subject Alternative Names Help Me?
In general, wildcard certificates can only be used to secure first-level sub-domains of the domain to which they are issued. For example, a standard wildcard certificate is issued to *.domain.com. Once that certificate is installed on the server(s), users can connect securely to www.domain.com, mail.domain.com, autodiscover.domain.com, etc.
However, because the name on your certificate must exactly match the name that a user is connecting to, a standard wildcard does not allow your users to connect to your domain with no subdomain (domain.com) or with multiple levels of subdomains (multiple.sublevels.domain.com). Adding those names to the certificate as SANs lets users connect to them securely. Additionally, this allows some devices that are not normally compatible with wildcard certificates (see the list here) to work.
Requesting Duplicate Certificates with Subject Alternative Names (SANs)
By default, wildcard certificates only secure a specific subdomain level. For example, if your certificate is for *.domain.com, it will secure subdomains of the same level. You can replace the wildcard character with any subdomain as long as it does not contain any additional periods. In this example, *.domain.com would secure subdomains such as test.domain.com, six.domain.com, and www.domain.com, but it would not secure a subdomain of a different level such as six.test.secure.domain.com.
To secure subdomains on different levels (for example, test.secure.domain.com and six.test.secure.domain.com), create a new CSR, log into your account, and request a duplicate certificate. When you request a duplicate certificate, you can specify up to 10 individual subdomains as SANs to secure. Getting duplicate certificates is free, and though only 10 subdomains are permitted per request, you can request as many duplicate certificates as you need. Requesting multiple duplicate certificates does not invalidate the first ones and allows you to secure 10 more subdomains. For example, you can use your first request to secure subdomains 1-10 and use your second request to secure subdomains 11-20.
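The coverage rules and the 10-SAN limit per duplicate request described above, as an added example (not DigiCert's code): it checks which hostnames a wildcard certificate already covers and groups the rest into duplicate requests. The function names are hypothetical and the hostnames are constructed for illustration.

```python
MAX_SANS_PER_DUPLICATE = 10  # per-request limit stated on this page


def wildcard_covers(pattern, host):
    """True if a certificate name covers host.

    A '*.domain.com' name matches exactly one extra label; any other
    name (a plain SAN) must match the host exactly.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                      # ".domain.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label   # no additional periods


def plan_duplicates(wildcard, hosts):
    """Return (covered, batches, rejected) for a '*.domain.com' certificate.

    covered  - hosts the wildcard certificate already secures
    batches  - SAN lists, one per duplicate-certificate request
    rejected - hosts outside the domain, which cannot be added as SANs
    """
    base = wildcard[2:].lower()
    # Per this page, the bare domain is included automatically as a SAN.
    issued = [wildcard, base]
    covered, needed, rejected = [], [], []
    for raw in hosts:
        name = raw.lower().rstrip(".")
        if any(wildcard_covers(n, name) for n in issued):
            covered.append(name)
        elif name.endswith("." + base):       # deeper subdomain: needs a SAN
            if name not in needed:
                needed.append(name)
        else:                                 # e.g. evildomain.com
            rejected.append(name)
    step = MAX_SANS_PER_DUPLICATE
    batches = [needed[i:i + step] for i in range(0, len(needed), step)]
    return covered, batches, rejected


if __name__ == "__main__":
    sample = ["www.domain.com", "domain.com", "six.test.secure.domain.com"]
    print(plan_duplicates("*.domain.com", sample))
```

Each batch corresponds to one duplicate request, so 12 uncovered subdomains produce two requests.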
How to Duplicate a Certificate with Subject Alternative Names (SANs)
On the server for which you want the duplicate wildcard certificate with SANs, create a new CSR/keypair.
For instructions on how to create a CSR, see Create a CSR (Certificate Signing Request).
Log into your DigiCert Management Console.
On the My Orders tab, in the list of your current certificates, select the order number for the wildcard certificate that you want to duplicate with SANs.
On the Manage Your WildCard Plus Certificate page, in the Reissue Actions section, click Get a Duplicate.
In the Get A Duplicate Certificate-Step 1 window, in the Enter Your CSR section, do one of the following options:
Upload your CSR: Click "Click to upload a CSR" to browse for, select, and open your CSR file.
Paste your CSR: Use a text editor (such as Notepad) to open your CSR file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the request form in the area provided.
In the Select Your Server Software section, in the drop-down list select the server on which the CSR was generated.
In the Specify Subdomains to Secure (optional) section, add the SAN names for up to 10 subdomains on the same domain that the wildcard certificate secures.
Review the details and then, click Process Duplicate WildCard Cert.
The duplicate certificate should automatically be issued within a few minutes.
To see your duplicate certificate, refresh your browser. Inside your account, the most recent duplicate certificate is located closest to the bottom of the page for this order.
Download and install the certificate to your server.
For instructions on how to install your SSL Certificate, see SSL Certificate Installation Instructions & Tutorials.