SANs management with Symantec & Thawte SSL certificates
It is now possible to add a maximum of 99 SANs (in addition to the main CN) to your Symantec and Thawte SSL products. SANs fields can secure:
- FQDN - Fully Qualified Domain Name
Buying a SAN
You can request 99 SANs at most per certificate provided that one SAN at least has already been bought via the original request.
IN CLEARER: If you order a certificate with one or several SAN, you will then be able to add other SANs during your certificate's lifetime.
In the contrary, you did not buy any SAN during your certificate request, then you won't be able to make your certificate evolve.
Symantec and Thawte certificates can handle several format of SANs.
- 'Classical' additional SANs: they can secure domains, sub-domains, FQDN, IP...
- additional wildcard SANs: comme leur nom l'indique, ils sécurisent des SANs au format wildcard : *.domaine.com et permettent de sécuriser un nombre infini de sous-domaines (sur un même niveau de sous-domaine)
Which products are concerned?
The information is displayed on the order form of the selected product. If the product can handle SANs, you'll know which kind of SANs. To resume:
- For 'classical' additionnal SANs: All server products are concerned except for wildcard ones
- For wildcard additionnal SANs: All server products are concerned except for wildcard and EV ones
Adding / editing SANs via reissuance
To add a SAN, go on your certificate's status page, request a reissuance and indicate the SANs you want to secure (within the limit of 99 SANs per certificate in addition to the main CN). You will then be billed for those new SANs purchase.
About the SANs edition, several cases can be encountered.
The SANs' reissuance is free insofar as the edition does not impact the domain, therefore if the edition only occurs from the third level of your FQDN. If not, the SAN will be billed for a new audit of the domain will have to be done.
Here lvl4 and lvl3 could be edited for free. In the contrary, the domain or its extension modification would be billed.
The same way, any SAN modification securing an IP address or a hostname will be billed.