locked
SAN certificate and wild card certificate RRS feed

  • Question

  • Diffrence between SAN certificate and wild card certificate
    Monday, December 17, 2012 9:36 AM

Answers

  • Hi ,

    Wild card certificate is equivalent to “ *.contoso.com ”, SAN certificate is a certificate includes some SANs (Subject Alternative Name) you specify.


    Wendy Liu
    TechNet Community Support

    • Marked as answer by chotu24 Wednesday, December 19, 2012 4:15 AM
    Tuesday, December 18, 2012 9:22 AM
  • Wildcard:

    *.contoso.com

    ----------------

    SAN (examples):

    mail.contoso.com

    webmail.contoso.com

    autodiscover.contoso.com

    mailserver1.contoso.com

    mailserver

    -----------------

    The SAN includes the exact names that you may require. Depending on the type of certificate, you could have quite a few names: 5, 10, etc. The wildcard just accepts any name represented by the asterisk.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    • Marked as answer by chotu24 Wednesday, December 19, 2012 4:15 AM
    Wednesday, December 19, 2012 12:48 AM

All replies

  • Hi,

    Clients blindly accept anything within the scope of the wildcard. For Eg. if your wildcard certificate has the entry *domain.com, it can accept anything starting with 'domain.com' as the trusted url. But for SAN, you should specify the SAN names like autodiscover.domain.com, domain.com/owa etc. 

    I can see this main difference..This is ofcource a security factor


    Regards from ExchangeOnline

    Monday, December 17, 2012 12:04 PM
  • Hi ,

    Wild card certificate is equivalent to “ *.contoso.com ”, SAN certificate is a certificate includes some SANs (Subject Alternative Name) you specify.


    Wendy Liu
    TechNet Community Support

    • Marked as answer by chotu24 Wednesday, December 19, 2012 4:15 AM
    Tuesday, December 18, 2012 9:22 AM
  • Wildcard:

    *.contoso.com

    ----------------

    SAN (examples):

    mail.contoso.com

    webmail.contoso.com

    autodiscover.contoso.com

    mailserver1.contoso.com

    mailserver

    -----------------

    The SAN includes the exact names that you may require. Depending on the type of certificate, you could have quite a few names: 5, 10, etc. The wildcard just accepts any name represented by the asterisk.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    • Marked as answer by chotu24 Wednesday, December 19, 2012 4:15 AM
    Wednesday, December 19, 2012 12:48 AM