Ordering & Managing Multi SAN Certificates
CERTInext allows organizations to issue and manage Multi-Domain / UCC SSL certificates using Subject Alternative Names (SANs). A single certificate can secure multiple domains, subdomains, applications, or environments under one certificate lifecycle.
This is commonly used for: • Unified Communications (UCC) certificates • Multi-domain web applications • Load balancers and reverse proxies • API gateways • Enterprise application environments • Hybrid and multi-cloud deployments
The SAN ordering workflow is handled directly within the standard certificate request process.
Navigation Path
To create a Multi-SAN certificate request, navigate to:
Certificates → New CertificateThis launches the guided certificate request workflow.
Depending on the selected CA source and certificate product, the workflow may contain:
Choose Product & Validity
Certificate Signing Request (CSR)
Requestor Information
Certificate Information
Additional Information (Optional)
Order Summary & Payment
Some CA sources may include Organization Information or Authorized Signatory Information as additional steps.
Step 1 - Choose Product & Validity
The first step defines the certificate type, CA source, validity, and SAN capacity.
Fill in the required fields:
• Group - Select the certificate group or business unit • CA Source - Select the issuing Certificate Authority • Certificate Type - Example: SSL/TLS Certificates • Product - Example: DV SSL Certificate UCC • Subscription For - Select the validity period • No. of Domains - Select the SAN/domain count supported by the product
CERTInext dynamically calculates pricing based on: • Product type • Subscription duration • Number of SAN entries
If additional SANs exceed the included limit, extra SAN pricing is displayed automatically.
For CA sources such as DigiCert or Sectigo, the workflow may display: • Group • CA Source • Select Connector
In these cases, certificate products and policies are derived from the configured CA connector.
After completing the selections, click Next.
Step 2 - Certificate Signing Request (CSR)
The CSR step allows users to either: • Upload an existing CSR file • Paste CSR content manually
The CSR contains: • Public key • Common Name (CN) • Key algorithm • Subject details
Users can: • Click Choose File to upload a CSR • Paste the CSR directly into the provided text area
CERTInext extracts the CSR details automatically for certificate generation.
After entering the CSR, click Next.
Step 3 - Requestor Information
This step captures the certificate requestor details.
Required fields include: • Name • Requestor Email ID • Mobile Number
Optional delegated contact information may also be configured.
These details are used for: • Order notifications • Validation workflows • CA communication • Certificate lifecycle alerts
After entering the requestor details, click Next.
Step 4 - Certificate Information (Adding SAN Entries)
This is the primary step where multiple SAN domains are configured.
Primary Domain Name
Enter the primary domain name for the certificate.
Example:
Additional Domain Names (SANs)
Under Additional Domain Names, users can add multiple SAN entries.
Example SAN entries:
Each additional entry becomes part of the Subject Alternative Name (SAN) list in the final SSL certificate.
Adding SAN Domains
To add SAN entries:
Enter the SAN value
Click the Add (+) button
Repeat for additional domains
CERTInext dynamically displays all SAN entries in the SAN list area.
Importing Multiple SANs
CERTInext also supports bulk SAN import using:
This simplifies large SAN requests by allowing administrators to import multiple domain entries instead of adding them individually.
This is particularly useful for: • UCC certificates • Large enterprise environments • Application clusters • Regional deployments
Automatically Secure WWW Variant
The option:
automatically includes the WWW version of the domain where supported.
Example:
This helps reduce manual SAN entry requirements.
After configuring SAN domains, click Next.
Step 5 - Additional Information (Optional)
This step allows operational and lifecycle settings to be configured.
Available options include:
• Tags - Used for categorization, grouping, and reporting • Order Remarks - Internal operational notes • Technical Point of Contact Information • KYC Documents • Additional Email Recipients
Auto-Renew Configuration
CERTInext supports automated certificate renewal workflows.
Example option:
Administrators can define renewal criteria such as:
This helps prevent certificate expiration and operational outages.
After completing the optional settings, click Next.
Step 6 - Order Summary & Payment
The final step displays the complete certificate order summary.
The summary includes: • Certificate Type • Product Name • Validity Period • Domain Count • Primary Domain Name • Additional SAN Entries • Certificate Pricing • Additional SAN Charges • Grand Total
Users should review all SAN entries carefully before submission.
Available actions include: • Save and Exit • Pay Online • Use Credit
After confirming the order, submit the request.
Viewing the SAN Certificate Order
After order submission, navigate to:
Open the certificate order to view: • Order Status • Certificate Status • CSR Information • SAN Domain List • Auto-renew Configuration • Requestor Information
The complete SAN inventory is displayed under Certificate Information.
Tracking Certificate Validation
CERTInext supports public order tracking and validation workflows.
From the order details page:
Open the Actions menu
Select Track Order
CERTInext generates a public validation tracking URL that can be shared with the requestor or domain owner.
Multi-SAN Domain Validation (DCV)
For SAN certificates, each domain may require Domain Control Validation (DCV).
Supported validation methods may include: • DNS TXT Validation • Email Validation • HTTP Validation
depending on CA capabilities and product type.
DNS TXT Validation Workflow
For each SAN domain:
Click Verify
CERTInext displays the DNS TXT validation record
Add the TXT record in the DNS provider
Wait for DNS propagation
Click Verify Now
CERTInext validates ownership automatically.
The validation dialog displays: • TXT Record Type • Host Name • TXT Value
Once validation succeeds, the SAN entry status changes to Verified.
SAN Validation Status Tracking
The validation portal displays: • Total domains • Verified domains • Pending validations • Validation progress
This allows administrators to monitor multi-domain validation from a centralized interface.
Certificate Issuance
Once all SAN validations are completed:
The CA processes the certificate request
CERTInext updates the order status automatically
The certificate is issued
The issued certificate can then be: • Downloaded manually • Deployed using provisioning workflows • Tracked through lifecycle dashboards
Updating SAN Entries in an Existing Certificate
CERTInext supports SAN updates using certificate reissue workflows.
Common scenarios include: • Adding new domains • Removing obsolete SANs • Application expansion • Environment migration
To update SAN entries:
Navigate to Certificates → Orders
Open the existing certificate order
Select Reissue CSR or Reissue Certificate
Update the SAN list
Complete validation for newly added domains
Submit the reissue request
A new certificate is issued once validation is completed.
Operational Notes
Each SAN entry may require independent domain validation depending on CA policy.
Wildcard SANs are supported based on product eligibility.
Additional SAN pricing varies by CA and product type.
Using DNS validation with DNS Connectors can significantly accelerate SAN verification workflows.
Regularly review SAN inventories to remove unused domains and reduce operational risk.
Large SAN certificates should be planned carefully to avoid unnecessary certificate sprawl.
Last updated