Multi-Domain (SAN) SSL Certificate
Multi-domain SSL certificates (also called SAN certificates or UCC certs) cover multiple distinct domains in a single certificate. Learn how they work and when to use them.
A multi-domain SSL certificate — also called a SAN certificate, UCC (Unified Communications Certificate), or multi-SAN certificate — secures multiple distinct domain names in a single certificate by listing each domain as a Subject Alternative Name (SAN).
How Multi-Domain Certificates Work
The X.509 Subject Alternative Name extension allows a certificate to be valid for any number of domain names, IP addresses, or email addresses. A multi-domain certificate simply uses this extension to list all the domains it should cover. For example, a single cert might include:
DNS: example.comDNS: www.example.comDNS: example.orgDNS: api.example.net
Certificate Authority Limits
CAs typically allow between 100 and 250 SANs per certificate. Let's Encrypt caps at 100 domains per certificate. Commercial CAs often charge per additional SAN beyond the base count (typically 2–5 included).
When to Use Multi-Domain Certificates
- Serving multiple brands or products from one server (Microsoft Exchange, for example, traditionally required specific SANs)
- Covering both the www and non-www versions of multiple domains
- Microservices architectures where multiple internal hostnames need certificates
Decoding Multi-Domain Certificates
When you paste a multi-domain certificate into the decoder, the Subject Alternative Names section will list every covered domain. Large SAN lists (100+ entries) are common on CDN edge certificates from providers like Cloudflare and Fastly, which aggregate thousands of customer domains onto shared certificates.
Ready to inspect a certificate?
Use the free decoder to decode any PEM certificate and see all fields including sans, fingerprints, validity dates, and extensions.
Decode a Certificate