Here are some simple rules to keep in mind when ordering SAN certificates.
- The main domain or Common name (CN) must be specified in full, together with the www, for example www.domain.com. CN can only be a full-fledged domain, not an intranet domain.
- In the SAN entry you can also specify intranet domains, for example: cool, forum.
- If you buy a certificate for a site, you need to specify both with and without www in the SAN entry, e.g. www.domain.com and domain.com. For the domain specified in the CN do not need to do this, it is enough to specify it together with the www, so that protection works in both ways.
- Internal (intranet) domains can only be specified in certificates with organization validation. In DV or EV certificates you cannot (until May 2015).
There is also a limit to the number of SAN records depending on the certification center.
Symantec has a maximum of 24, you can order one entry at a time.
At Geotrust – a maximum of 25, you can order 5 records each.
At Comodo – a maximum of 100, you can order one entry at a time.
