SANs management with DigiCert, Thawte & Geotrust SSL certificates
It is now possible to add a maximum of 249 SANs (in addition to the main CN) to your DigiCert , Thawte and Geotrust Multi SSL products. SANs fields can secure:
- FQDN - Fully Qualified Domain Name
SANs format
DigiCert, Thawte and Geotrust certificates can handle several format of SANs.
- 'Classical' additional SANs: they can secure domains, sub-domains, FQDN...
- additional wildcard SANs: comme leur nom l'indique, ils sécurisent des SANs au format wildcard : *.domaine.com et permettent de sécuriser un nombre infini de sous-domaines (sur un même niveau de sous-domaine)
Which products are concerned?
The information is displayed on the order form of the selected product. If the product can handle SANs, you'll know which kind of SANs. To resume:
- For 'classical' additionnal SANs: All server products are concerned except for wildcard ones
- For wildcard additionnal SANs: All server products are concerned except for wildcard and EV ones
Non-billed SANs
The versions of your SANs (CN including) with or without "www" can be offered if they secure the main domain.
Example:
Requested SANs:
- domain.co.uk
- www.domain.com
- sub-domain.domain.fr
Non-billed SANs:
- www.domain.co.uk
- domain.com
Adding / editing SANs via reissuance
Adding a SAN
To add a SAN, go on your certificate's status page, request a reissuance and indicate the SANs you want to secure (within the limit of 249 SANs per certificate in addition to the main CN). You will then be billed for those new SANs purchase.
Modifying a SAN
Any SAN modification is billed. A SAN deletion along with a new SAN addition is not considered as a replacement but as the addition of a new SAN and will be billed accordingly.
WARNING: any SAN modification (addition or replacement) will lead to the initial certificate (and its reissuances) revocation. The revocation is effective 3 days after the deliverance of your reissuance.
Example:
You have 2 currently valid certificates in your deal:
certificate 1:
- www.domain.co.uk
- domain.co.uk
- sub.domain.org
certificate 2:
- www.domain.co.uk
- domain.co.uk
- sub.domain.org
- sub.domain.co.uk
CASE A: You want to add a SAN. You'll be delivered of the certificate number 3:
- www.domain.co.uk
- domain.co.uk
- sub.domain.org
- sub.domain.co.uk
- sub.sub.domain.co.uk
Certificates 1 and 2 will stay active.
CASE B: You want to delete A SAN from your certificate. You'll be delivered of the certificate number 3:
- www.domain.co.uk
- domain.co.uk
- sub.domain.org
Certificates 1 and 2 will be revoked by the authority.
CASE C: You want to replace a SAN by another. You'll be delivered of the certificate number 3:
- www.domain.co.uk
- domain.co.uk
- sub.domain.org
- sub.sub.domain.co.uk
Certificates 1 and 2 will be revoked by the authority.