How to distiguish if SSL certificate is for both domain and subdomains or for domain only?



  • Provider suggests me two types of SSL certificates: for domain only or for domain and subdomains. First one is cheaper.

    Currently I already have certificate for previous year. How to know, if it was bought for domain only or for domain and subdomains?



  • When you purchase certificate for single domain, Subject Alternative Names (SAN) extension will typically include two entries:

    example.com
    www.example.com
    

    this will allow:

    • parent domain
    • www host under parent domain

    when you purchase certificate for arbitrary subdomains (without hosts in subdomains), then you can get a wildcard certificate with the following entries:

    example.com
    *.example.com
    

    this will allow:

    • parent domain
    • any subdomain without hosts (e.g. www.sub.example.com is not covered)
    • any host under parent domain

    if you want to have hosts under subdomains, then all subdomains must be listed explicitly, e.g.

    example.com
    *.example.com
    *.sub1.example.com
    *.sub2.example.com
    

    this combination will allow:

    • parent domain
    • any subdomain
    • any host under parent domain
    • any host under sub1.example.com domain
    • any host under sub2.example.com domain


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2