12 September 2023 Reading time: 3 minutes

What are SAN or Wildcard options in an SSL certificate, and why are they needed?


Any website that is hosted on the Internet and accessed by users requires an SSL certificate, a cryptographic protocol that provides a secure connection between the client and the server.

But SSLs come in many forms. For example, some contain the words SAN or Wildcard. And this has a significant impact on the cost of the certificate. In this article, we will discuss what these abbreviations mean and when it is recommended to use each of them.

Fun fact: In fact, the modern protocol is called TLS and affects the transport layer, but everyone still uses the generally accepted well-established ‘SSL’ abbreviation.

When SSL is required

A few years ago, Google, as an IT giant, began to voluntarily and compulsorily switch webmasters to SSL. Now you can work without SSL, but any SEO specialist will tell you that a certificate is necessary for correct indexing and getting into the search output. This is official information: resources without a unique digital signature receive a ranking penalty from search engines. And when users try to access resources without SSL certificates, they receive a warning about an unsecured connection and a browser recommendation not to open such a site.

During this time, everyone has become accustomed to the need for SSL certificates and secure data transfer. However, as the number of domains and subdomains in use increases, managing SSL certificates becomes quite a challenge. This is where SAN and Wildcard come into play.

What is SAN

SAN (Subject Alternative Name) is an extension of SSL certificates that allows you to secure multiple domains or subdomains with a single certificate. These SSL certificates are also known as multi-domain certificates.

When use SAN

A SAN is ideal if you have multiple domains and/or subdomains. For example, you have multiple websites that need to be protected. And each of them also has subdomains such as blog.example.com, support.example.com. In this case, it is most beneficial to use one SAN certificate to protect them all at once.

What is Wildcard

Wildcard SSL certificate is a type of SSL certificate that allows you to protect an unlimited number of subdomains with a single certificate. Wildcard SSL certificates are identified by an asterisk (*) in front of the domain name, such as *.example.com.

When use Wildcard

Wildcard SSL certificates are ideal when there are many first-level subdomains of a single main website. For example, you have one website, but it has many subdomains such as blog.example.com, shop.example.com, support.example.com, news.example.com, and so on. In this case, you can use a Wildcard SSL certificate.

What’s better — SAN or Wildcard SSL

The choice between SAN and Wildcard SSL depends on your needs. If you have multiple domains and/or subdomains that need to be protected, it is better to choose a SAN certificate. If you have only one site with subdomains and want to protect them all with a single certificate, Wildcard is the right choice.

In addition, you should note that the wildcard certificate will automatically protect the entire level where the asterisk is located. Even if your subdomains are not yet created, thanks to the asterisk symbol, which implies any value, you can issue the certificate first and then create the desired subdomains. With SAN certificates, you must specify specific values and pay for each additional value separately.

If you're looking for a SAN or Wildcard certificate, our site offers a wide range of SSLs for all levels of security. There is even a special SSL certificate that allows you to buy both SAN and Wildcard at the same time.

In conclusion, we remind you that SSL certificates are crucial for protecting online transactions and confidential information from unauthorized access. By choosing the certificate option you need, you will save your time and money, because you will not need to buy separate SSL certificates for each domain or subdomain.

Choose your SSL

Certificates with SAN, Wildcard, and classic ones from trusted certificate authorities are available in ispmanager.