How to Add a SAN to an SSL Certificate 


We’ll walk you through how to add a subject alternative name (SAN) entry to a new or existing SSL/TLS multi-domain certificate.

For this article, we’ll assume that you already know what a subject alternative name is. (This way, we can jump straight into discussing the answers for the information you’re looking for.) If you don’t know what a SAN is, check out our FAQ section at the end of this article to get answers to that and other questions.  

We’ve written this article in a way that approaches it from the perspective that either: 

  1. You want to know how to add a subject alternative name to a new multi-domain SSL/TLS certificate you plan to purchase.
  2. You want to know how to add a SAN to an existing valid multi-domain SSL/TLS certificate.

Click on the numbered links above to choose your specific approach or just keep scrolling to read both approaches.  

How to Add a Subject Alternative Name to a New Certificate 

  1. Purchase a multi-domain SSL/TLS certificate. We have plenty of standard multi-domain and multi-domain wildcard SSL/TLS certificates to choose from.
A screenshot showing how to add additional SAN domains when purchasing a new multi-domain SSL/TLS certificate
Image caption: A screenshot of where you can select additional SAN domains when purchasing a new certificate.
  2. Connect your ComodoSSLstore.com account to CertPanel. If you haven’t done that yet, here’s how to link your account to CertPanel.
A screenshot that shows the screen where you can connect CertPanel to your ComodoSSLstore.com account.
Image caption: A screenshot that shows the signup screen to manage your certificates using CertPanel, ComodoSSLstore.com’s certificate management platform.
  3. Create a certificate signing request (CSR). This process, which generates your CSR and public key (along with the matching private key, which stays on your server), requires you to enter your domain, SAN-related information, and other organizational details. The CSR must be generated on your web server or computer. Not sure how to generate a CSR? Our guides break the process down by platform (Apache OpenSSL, Microsoft Exchange 2013, IIS 8, etc.).
  4. Complete the certificate enrollment process. This certificate enrollment wizard will quickly walk you through the process of submitting information to the issuing CA. In steps #2 and #3, you’ll input the CSR information you generated and specify the SAN domains you want to cover with the certificate.
A screenshot showing an example of where to insert the CSR info and the fields where you can add a SAN (or multiple SAN domains) to your certificate
Image caption: A screenshot from ComodoSSLstore.com’s certificate enrollment request wizard.
  5. Submit the CSR information and public key to the issuing CA. This information must be submitted to the certification authority that you want to issue your site’s new multi-domain SSL/TLS certificate. (You’ll complete this step as part of the certificate enrollment process specified above. Do not share your private key.)
  6. Complete the domain control validation (DCV) process. This process can be as quick as just a couple of minutes or take as long as several days, depending on the type of validation your multi-domain SSL/TLS certificate requires. The issuing CA will validate that your domain and/or organization are legitimate before issuing the certificate.

That’s it! Once your certificate is issued, you’re set and can move forward with installing the SSL/TLS certificate on your newly covered SAN domains. 

But what if you already have an existing SSL/TLS certificate and just want to add SAN domains to it? So long as you have a certificate that supports SANs (e.g., a multi-domain SSL/TLS certificate), then follow the directions below to add subject alternative names to your existing certificate.  

How to Add a Subject Alternative Name to an Existing Certificate 

Existing SSL/TLS certificates, even SAN certificates, can’t be altered or updated once issued without the original certificate being revoked. (This is by design, as it protects your certificates against unauthorized modifications.) As such, you must reissue your certificate in order to add one or more SAN domains to it.  

Here’s how to add a subject alternative name to your existing certificate:  

  1. Log in to your CertPanel account. If you’re a ComodoSSLstore.com user who has already linked CertPanel to our site, you can access this via the Login link at the top of the page.
  2. Access your list of certificate order numbers. In your CertPanel dashboard, select All Orders to access your Managing Orders page. (This is where you’ll select the specific certificate’s order number in the next step.)
This screenshot demonstrates where to find the All Orders list of all ComodoSSLstore.com purchase order numbers.
  3. Click on the specific order ID. This will bring up a new window containing your order details.
A screenshot example that shows where to find a certificate order number in CertPanel
  4. Reissue your certificate. To add or remove a subject alternative name from a valid multi-domain certificate, you’ll need to reissue it as a new certificate. (This is because you can’t modify a certificate without it being revoked.) If you already have open/unused SANs available, you’ll be able to specify the SAN domains in step 5. Otherwise, you’ll need to purchase additional SANs and then complete step 5 (listed below).
How to add a SAN graphic: A screenshot showing where to find the reissue button in ComodoSSLstore.com's CertPanel dashboard
  5. Run through the Certificate Enrollment process. This is an abbreviated version of the process you completed when you requested your original SSL/TLS certificate.
     • In step #1, you’ll add your new CSR. (Need a quick refresher? Check out our resource on how to generate a CSR.)
An example generated certificate signing request
     • In step #2, you’ll add your additional SAN(s).
How to add a SAN to a certificate graphic: An example that shows how to list additional domains to an existing certificate that's being reissued

After this, you’ll need to select your chosen authentication method (email, DNS CNAME, or HTTP/HTTPS) and complete the validation process. Once validation is completed successfully, you can retrieve your reissued certificate and install it on your website.  

An example of the certificate validation confirmation screen
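
Both procedures above include a CSR step (step 3 for a new certificate, step 5 for a reissue) in which you enter your domain and SAN-related information. The following is an added example, not part of the original article or ComodoSSLstore.com's tooling: shell functions that build a CSR with SAN entries using OpenSSL and report any required name the CSR does not list before you submit it. It assumes OpenSSL 1.1.1 or later (for `-addext`); the function names and `shop.itsatest.site` are hypothetical.

```shell
#!/bin/sh
# Added example. Requires OpenSSL 1.1.1+ (-addext). Names are constructed
# samples based on the article's itsatest.site; function names are hypothetical.

# make_csr KEY_OUT CSR_OUT COMMON_NAME SAN...
# Creates a new 2048-bit RSA private key (owner-readable only, never sent to
# the CA) and a CSR whose subjectAltName lists each SAN as a DNS entry.
make_csr() {
  mc_key=$1; mc_csr=$2; mc_cn=$3; shift 3
  [ "$#" -gt 0 ] || { echo "make_csr: need at least one SAN" >&2; return 2; }
  mc_san=""
  for mc_name in "$@"; do
    mc_san="${mc_san:+$mc_san,}DNS:$mc_name"
  done
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$mc_key" -out "$mc_csr" \
      -subj "/CN=$mc_cn" -addext "subjectAltName=$mc_san" )
}

# csr_sans CSR: print the DNS names in the CSR's SAN extension, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text |
    sed -n '/Subject Alternative Name/{n;p;}' |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# missing_sans CSR NAME...: print every required name the CSR does not list.
# Exact match only: www.itsatest.site is not implied by itsatest.site, and
# wildcard entries are not expanded.
missing_sans() {
  ms_have=$(csr_sans "$1"); shift
  for ms_name in "$@"; do
    printf '%s\n' "$ms_have" | grep -qxF -- "$ms_name" || echo "$ms_name"
  done
}

# Usage:
#   make_csr site.key site.csr itsatest.site itsatest.site www.itsatest.site
#   missing_sans site.csr itsatest.site www.itsatest.site shop.itsatest.site
#   (prints shop.itsatest.site, which was not requested in the CSR)
```

Only the `.csr` file is pasted into the enrollment wizard; the `.key` file stays on the server where it was generated.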

Still have questions? We’ve got answers.  

FAQs About How to Add a SAN to a Certificate 

What is a SAN or a SAN certificate? 

A subject alternative name, or SAN, is an alternative domain that you may be able to cover under your SSL/TLS certificate. A SAN certificate, or what’s also known as a multi-domain SSL/TLS certificate, enables you to secure up to 1,000 domains total (depending on the certificate you choose) under a single certificate.  

How do I ensure my WWW domain is also included on my certificate? 

In some cases, the WWW may count as a SAN. The answer to how to add a SAN to your certificate depends on which type of certificate you’re buying or using:  

  • When WWW- and non-WWW domains are covered by default. If you have a standard Comodo single-domain SSL/TLS certificate from ComodoSSLstore.com, then the WWW (www.itsatest.site) and non-WWW (itsatest.site) variations of your domain will be covered by default. The same goes for our basic wildcard SSL/TLS certificates.
  • When WWW- and non-WWW domains must be manually added. If you’re using a multi-domain or multi-domain wildcard SSL/TLS certificate, then you’ll need to add separate SANs to cover both varieties of your domain.   

Can I add additional SANs (other than WWW) to a standard SSL/TLS Certificate? 

No. Standard SSL/TLS certificates cover only a single domain (itsatest.site) and its WWW alternative (www.itsatest.site). You can’t add additional SANs to the certificate; you’d need to use a multi-domain SSL/TLS certificate instead. 

How do I add additional SANs to my multi-domain SSL/TLS certificate?

Let’s imagine you added 150 domains when you initially set up your multi-domain SSL/TLS certificate. Now, you find yourself wanting to add another 10 SAN domains. You can do this by purchasing additional SANs for your certificate.  

Log in to your account, then navigate to All Orders and select the Order ID/Domain Name. Scroll to the bottom of your Managing Orders page and you’ll see the Add SANs button, as shown below:

An example of the "Add SANs" button in ComodoSSLstore.com's CertPanel dashboard

This will bring up the Purchase Additional SANs page, where you can add more domains to your certificate.