20
Mar
2019

CN vs SAN

Reading Time: < 1 minutes

We discussed in a related post on the process of creating a
Certificate Signing Request (CSR) and the importance of using SAN(Subject Alternate Names)…

SAN is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate. Each of these names will be considered protected by the SSL certificate.

This allows to support multiple host names using the same certificate. For example it is logical to support both of the following host names using the same SSL certificate.

www.example.com
example.com

Originally, SSL certificates only allowed the designation of a single host name in the certificate subject called Common Name (CN) but now this has undergone change and a certificate is first verified for SAN and if no SAN is defined it falls back to CN.

It is still a practice to define both CN and SAN when requesting a certificate. An important point is that CN and SAN are not complimentary and any CN defined should be a subset of SAN list.

Print Friendly, PDF & Email
Share

You may also like...