1 certificate - 2 Domains


#1

Hi,

there is something I do not understand.
A certificate is (usually) linked to 1 domain; that is how I handle certificates, at least.

Now I got a question from a customer/colleague who has 2 very different domains that have the same certificate, linked however to one of these domains.

The strange thing for me is that Firefox does not protest.

How does one realise something like that? This customer wants the same with 2 other domains.

I am grateful for any hint on how this is done.

Regards,
Jan


#2

Certificates have a “Common Name” field, which contains 1 name, is displayed prominently in browsers, but is not actually important.

Certificates also have a list of Subject Alternative Names, which is buried in your browser interface, and what all but the oldest HTTPS clients actually use.

Let’s Encrypt certificates, by policy, can have up to 100 names in the SAN list, and they can be from the same domain or any number of different domains.

It depends on what ACME client you’re using, but getting a certificate with names in multiple domains is usually exactly the same as getting a certificate for names in one domain.

For example, with Certbot, you can use “certbot -d example.com -d www.example.com -d example.net -d www.example.net”.
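To make the point in the reply concrete (the SAN list is what a client matches the hostname against; the Common Name is only a fallback for certificates that carry no SAN extension at all), here is an added Python example that is not part of the original thread. It implements the matching rule on constructed certificate dicts in the shape that `ssl.SSLSocket.getpeercert()` returns; the certificate contents, names and the `hostname_matches` / `certificate_dns_names` helpers are all assumptions made for this illustration, not data from the thread.

```python
"""Hostname matching the way modern HTTPS clients do it.

The Subject Alternative Name (SAN) list decides which hostnames a
certificate is valid for. The subject Common Name is consulted only
when the certificate has no SAN extension (legacy behaviour).

All certificate dicts below are CONSTRUCTED sample data in the shape
returned by ssl.SSLSocket.getpeercert(); they are not real certificates.
"""


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one certificate name with a hostname.

    Case-insensitive; a wildcard is accepted only as the entire leftmost
    label, matches exactly one label, and needs at least two labels after it
    (so "*.com" and a bare "*" are rejected).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_dns_names(cert: dict) -> list:
    """Return the names a client may match against.

    SAN dNSName entries win; the CN is used only if no SAN entry exists.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # Legacy fallback: no SAN extension, so the CN is all there is.
    return [
        value
        for rdn in cert.get("subject", ())
        for key, value in rdn
        if key == "commonName"
    ]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the certificate is valid for the given hostname."""
    return any(_dns_name_matches(name, hostname) for name in certificate_dns_names(cert))


# Constructed sample: one certificate covering names in two unrelated domains,
# like the one the question describes (CN is just one of the SAN entries).
MULTI_DOMAIN_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "example.net"),
        ("DNS", "www.example.net"),
    ),
}

# Constructed sample: CN names a host that is NOT in the SAN list.
# Modern clients ignore the CN here, so "example.org" must not match.
CN_NOT_IN_SAN_CERT = {
    "subject": ((("commonName", "example.org"),),),
    "subjectAltName": (("DNS", "example.com"),),
}

# Constructed sample: very old certificate with no SAN extension at all.
CN_ONLY_CERT = {
    "subject": ((("commonName", "legacy.example.org"),),),
}

# Constructed sample: wildcard entry, to show it covers exactly one label.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


if __name__ == "__main__":
    for cert, host in [
        (MULTI_DOMAIN_CERT, "www.example.net"),
        (MULTI_DOMAIN_CERT, "mail.example.com"),
        (CN_NOT_IN_SAN_CERT, "example.org"),
        (CN_ONLY_CERT, "legacy.example.org"),
        (WILDCARD_CERT, "www.example.com"),
        (WILDCARD_CERT, "example.com"),
        (WILDCARD_CERT, "a.b.example.com"),
    ]:
        print(f"{host:20s} -> {hostname_matches(cert, host)}")
```

The `CN_NOT_IN_SAN_CERT` case is the one worth remembering when debugging a "why doesn't the browser accept this" report: a certificate whose CN says one thing and whose SAN list says another is valid only for what the SAN list says, which is also why a single SAN list spanning `example.com` and `example.net` is perfectly normal to a browser.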