What Is SAN Certificate (Subject Alternative Name)?
A SAN certificate (Subject Alternative Name certificate) is an SSL/TLS certificate that secures multiple different domain names on a single certificate. Unlike wildcard certificates, SAN certificates list each domain explicitly.
Why It Matters
SAN certificates solve the problem of securing multiple unrelated domains without buying separate certificates for each. A single SAN certificate can cover:
example.comexample.orgmy-other-brand.comlegacy-domain.net
This is useful for brand migration or M&A scenarios where you’re forwarding multiple old domains to a new one.
SAN vs Wildcard
| Feature | SAN Certificate | Wildcard Certificate |
|---|---|---|
| Covers | Explicitly listed domains | All subdomains of one domain |
| Cross-domain | Yes (a.com + b.com) | No (one domain only) |
| Subdomains | Only if listed | All automatically |
| Typical limit | 100-250 domains per cert | Unlimited subdomains |
| Use case | Multi-brand forwarding | Subdomain forwarding |
SAN Certificates and Forwarding
Let’s Encrypt certificates support the SAN field natively — every Let’s Encrypt certificate is technically a SAN certificate. When Domain Forward provisions a certificate, it can include the apex domain and www subdomain on the same certificate.
Related Terms
Related Features
Frequently
asked questions
Domain Forward typically uses individual certificates per domain via Let's Encrypt, which supports SAN fields. The specific certificate strategy is handled automatically — you never need to manage it.
A wildcard covers all subdomains of one domain (*.example.com). A SAN certificate covers multiple specific domains (example.com, example.org, different-brand.com) — they don't need to be related.
Still Confused? Try It Free.
Set up your first domain forward in under 5 minutes. Free plan includes 5 domains.