Choosing the SSL Certificate Names
Table of Contents
- How to Choose Your Certificate Names
- Single-Name vs. Wildcard Certificates
- Single vs. Multiple Names
- Have More Questions?
An SSL certificate must be associated with one or more host names. Selecting the correct names is important because the certificate will be valid only if the request matches the host name (or host names) associated with the SSL certificate.
Note
You cannot change the name type of a certificate (e.g., switch from a single-name to a wildcard name) once it has been issued. Choose carefully before ordering.
How to Choose Your Certificate Names
Steps to determine the right names for your certificate
-
Identify which domains and subdomains you need to secure. List all the host names that users will access over HTTPS (e.g.,
example.com,www.example.com,app.example.com). -
Decide between a single-name and wildcard certificate:
- If you need to secure one specific hostname (e.g.,
www.example.com), order a single-name certificate. This is valid only for that exact hostname. - If you need to secure multiple subdomains at the same level (e.g.,
www.example.com,app.example.com,api.example.com), order a wildcard certificate for*.example.com.
- If you need to secure one specific hostname (e.g.,
-
Consider the root domain:
- A single-name certificate for
www.example.comwill also cover the root domainexample.com. - A single-name certificate for
example.comalone will not coverwww.example.com. - A wildcard certificate for
*.example.comcovers all first-level subdomains.
- A single-name certificate for
-
Check if you need multiple names on one certificate. If your SSL certificate product supports the Subject Alternative Name (SAN) extension, you can include multiple host names in a single certificate. DNSimple simplifies this by providing a field to enter multiple names when your plan allows it.
-
Order your certificate using the names you have determined:
Single-Name vs. Wildcard Certificates
Single-Name SSL Certificate
A single-name certificate is valid only for the hostname specified with the certificate.
For example, if you purchase a certificate for the hostname secure.example.com, you cannot use it for www.example.com or example.com. Any attempt to serve these hostnames with the certificate will result in a security warning in most browsers.
The only exception is the root domain: if you purchase a certificate for the www hostname, it will also cover the root domain as described above.
Wildcard SSL Certificate
A wildcard certificate is valid for any single-level subdomain. You use the wildcard * symbol to indicate the subdomain.
For example, if you purchase a wildcard certificate for *.example.com, you can use it for any example.com first-level subdomain such as www.example.com, secure.example.com, or private.example.com. However, you cannot use it for www.secure.example.com or super.secure.example.com.
Single vs. Multiple Names
You can associate host names to an SSL certificate using two different attributes:
- The Common Name
- The Subject Alternative Name (SAN)
The Common Name allows specifying a single entry (either a wildcard or single-name), whereas the SAN extension supports multiple entries. However, the SAN is only supported by certain SSL certificate products.
At DNSimple, we simplify this by hiding the technical details behind a clear interface. We will not ask you to select when to use the Common Name or the SAN. Whenever you are allowed to enter multiple names, you will be provided a field to enter the list of names.
Have More Questions?
If you have additional questions or need any assistance choosing the right certificate names, just contact support, and we’ll be happy to help.