SAN vs. Wildcard Certificates: What's the difference?

This article will outline the difference between wildcard and SAN SSL certificates.

Wildcard Certificates

A wildcard certificate allows for an unlimited number of subdomains to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name and that cert would also work for,, and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *

SAN Certificates

A SAN (Subject Alternative Name) certificate allows for multiple unique domain names to be protected with a single certificate. For example, you could purchase a certificate for, and then add more SAN values to have the same certificate protect,, and even

Depending on the specific brand and certificate product, the SAN cert will include either one or four additional domains.

In most cases, the SAN values can be changed at any time during the life of the certificate.

When to choose a wildcard, and when to choose a SAN

Wildcard certificates are great for protecting multiple subdomains on a single domain. In many cases, the wildcard cert makes more sense than a SAN because it allows for unlimited subdomains, and you don’t need to define them at the time of purchase. You could provision * and at any time during the life of the certificate, you decided to add or, that cert would just work, no reissue required.

If, on the other hand, you need to protect multiple domain names, then the SAN certificate might be the right choice. Protecting alternative domains with the same website ( and is a great example. One caveat – you need to define the additional domains and add them to the certificate for it to work.

SAN certificates, like wildcard certs, are a great way to save some money, and also to make administration a bit easier, as you can reduce the number of certificates provisioned since they cover multiple domains.

Was this article helpful? If not please submit a request here

How helpful was this article?