How to fill in the SAN fields in the CSR?

It is necessary to remember that multi-domain certificates do not act the same way as single-domain ones. It concerns the feature of securing the www and non-www versions of the same host name. Such certificates consider www.domain.com and domain.com as different host names, so each of them should be included in the certificate separately. If you use www.domain.com as a primary domain of the certificate and wish to secure domain.com as well, the second one should be used as one of the SANs. The subdomains of the same domain are not covered automatically and should be added to the certificate manually.

Also, the multi-domain certificates we provide, do not support Wildcard domains, meaning you cannot use *.domain.com as one of the SANs in order to secure all its subdomains.

The primary domain of the certificate (its common name) is the first in the list of secured domains and cannot be changed after the certificate is issued. It is extracted from the CSR and refers to the common name of the Signing Request.

The additional domains can be either typed manually in the corresponding field during certificate activation or retrieved from the CSR. Some webservers at CSR generation have an option to fill in the SAN fields during CSR creation. Our system will recognize the SANs and put the domains you used into the certificate. However, you will also be able to edit them during certificate activation.

Powered by Zendesk