Tags for this FAQ item:
SSL SSL Certificates

Help us by rating this article!

Rated 5 stars, based on 4 votes

What's the difference between between SAN and Wildcard SSL Certificates?

Last updated: 23/01/2017

Both certificate types allow to secure multiple hostnames with one and the same certificate, but that's as far as the comparison goes.

  1. Wildcard SSL certificates identify a given domein name and all its subdomains, so one certificate allows you to secure kinamo.be, www.kinamo.be, mail-out.kinamo.be, selfcare.kinamo.be and so forth.

  2. SAN SSL certificates - the SAN stands for Server Alternative Name - are also called multi-domain SSL certificates, and will allow you to identify wholly different domain names or even IP addresses with one certificate. Initially, they were developed for hosted mailbox solutions, where one mailserver needed to host mailboxes for many disparate domain names, leading to another synomym Unified Communications Certificate. In times of slinking available IPv4 addresses, it wouldn't have been efficient to add an additional IP address and an additional certificate to a mailserver for each mail domain it hosts.

  3. SAN SSL certificates are generally less expensive than their Wildcard SSL counterparts, but do have limits on the maximum number of domains initially included on the certificate. Any additional domain names beyond the initial allotment will cost you extra.

  4. All Certificate Authorities do not offer SAN certificates, especially those targeting the lower end of the market, though all of them offer Wildcard SSL versions.

  5. SAN certificaten are to be had as an Extended Validation certificate, including in-depth vetting of the company's identity and the green bar with the company name shown in the visitor's browser. Wildcard SSL certificates are always of the Domain Validation of Organization Validation type.

There's no hard and fast rule, since every Certification Authority has different policies as to the number of SAN's included. Some will give you one free name, others up to four. There are also huge price differences for additional SAN's, and some certificates allow for a higher maximum than others. Some Certificate Authorities also allow to re-issue a standard SSL certificate as a SAN cert afterwards, for a fee of course.

Using the Kinamo website, you will able to simulate what a certificate would cost you at purchase, but also when adding domain names, so you'll be able to discover the best price point quickly.

If your only requirement is to secure mydomain.com and www.mydomain.com, you will not need to acquire a SAN certificate at most Certificate Authorities. The majority of them offer free support for your non-www domain name when you order a certificate for the www version. Most, but not all. Notable exceptions are Symantec, the most prestigious CA, and willl require either two certificates or a SAN certificate for securing both www and non-www. Caution is of the essence before ordering!

What certificate will eventually meet your current and your future needs is a wholly personal matter. At Kinamo, we will assist you with pleasure to get you out of the certificate woods. Kinamo's SSL certificates pages will let you discover our full portfolio.