SSL Certificate and Subject Alternative Names (SAN)

This article assumes you are using InCommon-Comodo Certificate Service, and that you intend to use openssl to generate your Certificate Signing Request (CSR). If you are using other Cert providers, please check with your vendor

If your host name has multiple DNS ~~entries,~~entries ~~rather~~or ~~than~~your ~~requesting~~Web site has multiple names, you don’t need a separate SSL certificate for each ~~host~~one. ~~name~~If you ~~can~~include ~~request the~~ “Subject ~~Alternate~~Alternative ~~Name~~Names” (SAN) ~~to be included~~ in your CSR, you need only one SSL ~~request.~~certificate. The SAN lists the names that you want your certificate to cover.

IfWhen ~~this~~you ishave ~~your~~no ~~first time generating a~~ ~~CSR~~,certificate, you can include the SAN information in ~~the~~your CSR. This process has been automated via a python script by the technical staff at UC Berkeley. More information can be found here: https://wikihub.berkeley.edu/display/calnet/CalNet+InCommon-Comodo+Certificate+Service#CalNetInCommon-ComodoCertificateService-GenFAQ

Note: If you use the python script, please ~~make necessary changes under~~customize the [ req_distinguished_name ] section in the script. For more information on openSSL input parameters, you can use the reference here: http://www.openssl.org/docs/apps/req.html. For example, iif I wanted to add emailAddress to the CSR, I ~~simply~~would edit the script and added emailAddress=xxx@xxx.xxx.xxx right below the [ req_distinguished_name ]

If you already have aan SSL certificate ~~issued and currently~~ in use, you can add a SAN ~~can be added~~ to ~~existing cert~~it without ~~having to generate~~generating a new CSR orand torevoking ~~revoke~~the existing cert. In this case, contact your CERT authority to make this arrangement.

~~This article assumes you are using InCommon-Comodo Certifcate Service. If you are using other Cert providers, please check with your vendor~~