Multi-Domain SAN SSL Certificate Compatibility

4 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 5 (4 votes, average: 5.00 out of 5, rated)
Loading...

What browsers support Multi Domain SSL or SAN SSL Certificate

A SAN SSL Certificate, sometimes referred to a Multi-Domain, allows you to encrypt up to 250 different domains on a single SSL certificate. That’s pretty impressive. That would be like if 250 people could share a driver’s license [Editor’s Note: This is a terrible comparison].

I use a Multi-Domain SSL certificate for all of my websites. That’s right, I have websites. I built them all back on GeoCities back in the day. They’re still out there. And don’t ever let anyone tell you that a visitor counter isn’t still cool. I’m almost to 1,000 on my top site. Boo-yah!

Anyway, Multi-Domain SSL certificates make use of the SAN field in your CSR. Basically, after your list, your main website as your Fully Qualified Domain Name, each additional site or sub-domain or IP is listed as a SAN. In the case of a Multi-Domain Wildcard, some of the SANs may also include an asterisk.

Now, when a browser connects to your website using HTTPS, it checks that the SSL certificate matches the hostname in the address bar. There are three ways the browser checks:

  • It checks if the hostname matches the common name on the SSL certificate
  • It checks if the hostname matches a Wildcard common name
  • It checks if the hostname is listed in a SAN field

Now, obviously, all the browsers support hostname matching. Without that, you basically don’t support SSL. But here’s a helpful tip. Sometimes, when a browser supports SANs, it’s directed to ignore the common name and skip right to the SANs. This is why we recommend listing your Common Name as your first SAN, as well.

What Browsers Support SANs

Most desktop and mobile browsers support all three kinds of host name matching. Some older browsers don’t support SANs though.

Supported:

  • Internet Explorer
  • Microsoft Edge
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari
  • Opera
  • Netscape
  • Windows Mobile 5
  • Windows Mobile 6
  • New Palm Treo – Must use WM5
  • New Phones on Symbian OS – 9.2+

Not Supported

  • Older Phones on Symbian OS – 9.1 and earlier
  • Older Palm Treo – PalmOS

So basically, if you’re running on anything current you can expect it to recognize SAN fields. Just remember, some browsers may skip the common name so it’s important to also list it as a SAN.

Stay Cautious, My Friends

Understand SAN Certificate Vs Wildcard SSL Certificate