SAN vs. Wildcard Certificates: What's the difference?

This article will outline the difference between wildcard and SAN SSL certificates.

Wildcard Certificates

A wildcard certificate allows for an unlimited number of subdomains to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name ascio.com and that cert would also work for mail.ascio.com, ftp.ascio.com, and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.ascio.com.

SAN Certificates

A SAN (Subject Alternative Name) certificate allows for multiple unique domain names to be protected with a single certificate. For example, you could purchase a certificate for ascio.com, and then add more SAN values to have the same certificate protect ascio.org, ascio.net, and even tucows.com.

Depending on the specific brand and certificate product, the SAN cert will include either one or four additional domains.

In most cases, the SAN values can be changed at any time during the life of the certificate.

When to choose a wildcard, and when to choose a SAN

Wildcard certificates are great for protecting multiple subdomains on a single domain. In many cases, the wildcard cert makes more sense than a SAN because it allows for unlimited subdomains, and you don’t need to define them at the time of purchase. You could provision *.ascio.com and at any time during the life of the certificate, you decided to add www3.ascio.com or mail.ascio.com, that cert would just work, no reissue required.

If, on the other hand, you need to protect multiple domain names, then the SAN certificate might be the right choice. Protecting alternative domains with the same website (ascio.com and ascio.net) is a great example. One caveat – you need to define the additional domains and add them to the certificate for it to work.

SAN certificates, like wildcard certs, are a great way to save some money, and also to make administration a bit easier, as you can reduce the number of certificates provisioned since they cover multiple domains.

Was this article helpful? If not please submit a request here

How helpful was this article?

Thanks for your feedback!

Do you still need help? If so please submit a request here.