SAN vs. Wildard SSL Certificate on Host Header Based Web Sites

I have a web server that serves up about 6 HTTPS  (host header) sites using a wildcard certificate which works fine but it is expiring soon so am looking into the possibility of using a SAN certificate. I do not quite understand what the SAN based ones are but from what I understand, they are for multiple domains. In theory, I think this would also work for host header based sites but wanted to verify before spending the money. I also have a couple of other domains that use SSL including an Exchange CAS server for Activesync.

Will a SAN cert work and can someone point me to a document explaining how they work?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BusbarSolutions ArchitectCommented:
UCC or SAN certificate are fine, in by opinion they offer more flexibility since you can have multiple domain in them (, also you can add/remove hosts from them
they will work nicely for those websites, add to this they will work for Exchange/OCS

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AkhaterSolutions ArchitectCommented:
I am too a fan of SAN ceritificates and there is no reason at all why they won't work with your domains/host headers.

if you only need to host multiple sites in one domain maybe a wildcard certificate makes more sense however, like busbar said, if you have multiple domains then UCC is the way to go
rparsons1000Author Commented:
So when you setup a SAN cert at the certificate authority website, there is an area to define each site you are applying to?
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Dave HoweSoftware and Hardware EngineerCommented:
SAN certificates have a *list* of URIs - so you can include (for example) IP addresses, and sites that don't share a common root domain.

Wildcards are <anything at>.domain - so given SAN certificates are priced based on how many URIs are included, can work out cheaper if you have a fair few sites that would be convered by a wildcard.
Dave HoweSoftware and Hardware EngineerCommented:
and you usually define the sites you want in your CSR, rather than at the CA.
AkhaterSolutions ArchitectCommented:
The certificate is created on the webserver and not on the va website
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.