
# Ordering & Managing Multi SAN Certificates

CERTInext allows organizations to issue and manage Multi-Domain / UCC SSL certificates using Subject Alternative Names (SANs). A single certificate can secure multiple domains, subdomains, applications, or environments under one certificate lifecycle.

This is commonly used for:\
• Unified Communications (UCC) certificates\
• Multi-domain web applications\
• Load balancers and reverse proxies\
• API gateways\
• Enterprise application environments\
• Hybrid and multi-cloud deployments

The SAN ordering workflow is handled directly within the standard certificate request process.

## Navigation Path

To create a Multi-SAN certificate request, navigate to:

```
Certificates → New Certificate
```

This launches the guided certificate request workflow.

Depending on the selected CA source and certificate product, the workflow may contain:

1. Choose Product & Validity
2. Certificate Signing Request (CSR)
3. Requestor Information
4. Certificate Information
5. Additional Information (Optional)
6. Order Summary & Payment

Some CA sources may include Organization Information or Authorized Signatory Information as additional steps.

## Step 1 - Choose Product & Validity

The first step defines the certificate type, CA source, validity, and SAN capacity.

<figure><img src="/files/a2BXWSNwCWdIoDU0LQCL" alt=""><figcaption></figcaption></figure>

Fill in the required fields:

• Group - Select the certificate group or business unit\
• CA Source - Select the issuing Certificate Authority\
• Certificate Type - Example: SSL/TLS Certificates\
• Product - Example: DV SSL Certificate UCC\
• Subscription For - Select the validity period\
• No. of Domains - Select the SAN/domain count supported by the product

CERTInext dynamically calculates pricing based on:\
• Product type\
• Subscription duration\
• Number of SAN entries

If additional SANs exceed the included limit, extra SAN pricing is displayed automatically.

For CA sources such as DigiCert or Sectigo, the workflow may display:\
• Group\
• CA Source\
• Select Connector

In these cases, certificate products and policies are derived from the configured CA connector.

After completing the selections, click Next.

## Step 2 - Certificate Signing Request (CSR)

The CSR step allows users to either:\
• Upload an existing CSR file\
• Paste CSR content manually

<figure><img src="/files/AzEjTB7ThGC89vD6gk2p" alt=""><figcaption></figcaption></figure>

The CSR contains:\
• Public key\
• Common Name (CN)\
• Key algorithm\
• Subject details

Users can:\
• Click Choose File to upload a CSR\
• Paste the CSR directly into the provided text area

CERTInext extracts the CSR details automatically for certificate generation.

After entering the CSR, click Next.

## Step 3 - Requestor Information

This step captures the certificate requestor details.

<figure><img src="/files/VIYfzb8TSSlncLDUXeyi" alt=""><figcaption></figcaption></figure>

Required fields include:\
• Name\
• Requestor Email ID\
• Mobile Number

Optional delegated contact information may also be configured.

These details are used for:\
• Order notifications\
• Validation workflows\
• CA communication\
• Certificate lifecycle alerts

After entering the requestor details, click Next.

## Step 4 - Certificate Information (Adding SAN Entries)

This is the primary step where multiple SAN domains are configured.

<figure><img src="/files/1FpblGqLj76cBcEEL2sY" alt=""><figcaption></figcaption></figure>

### Primary Domain Name

Enter the primary domain name for the certificate.

Example:

```
example.company.com
```

### Additional Domain Names (SANs)

Under Additional Domain Names, users can add multiple SAN entries.

Example SAN entries:

```
it.company.com
mail.company.com
api.company.com
vpn.company.com
```

Each additional entry becomes part of the Subject Alternative Name (SAN) list in the final SSL certificate.

### Adding SAN Domains

To add SAN entries:

1. Enter the SAN value
2. Click the Add (+) button
3. Repeat for additional domains

CERTInext dynamically displays all SAN entries in the SAN list area.

### Importing Multiple SANs

CERTInext also supports bulk SAN import using:

```
Import additional domain
```

This simplifies large SAN requests by allowing administrators to import multiple domain entries instead of adding them individually.

This is particularly useful for:\
• UCC certificates\
• Large enterprise environments\
• Application clusters\
• Regional deployments

### Automatically Secure WWW Variant

The option:

```
Automatically secure 'www' variant of websites
```

automatically includes the WWW version of the domain where supported.

Example:

```
example.com
www.example.com
```

This helps reduce manual SAN entry requirements.
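Before importing a large SAN list, it helps to lint it against the primary domain and the domain count selected in Step 1. The following is an added example, not CERTInext code: the function names are hypothetical, the one-hostname-per-entry input format is an assumption, and the primary domain is assumed to count toward the purchased domain total.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalise(name):
    """Trim whitespace, lower-case, and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_valid_san(name):
    """Hostname check; '*' is accepted only as the entire left-most label."""
    labels = name.split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def preflight(primary, lines, domain_limit, auto_www=False):
    """Lint a SAN import list against the primary domain and the purchased count."""
    rep = {"sans": [], "invalid": [], "duplicates": [], "wildcards": [], "redundant_www": []}
    seen = {normalise(primary)}
    for raw in lines:
        name = normalise(raw)
        if not name:
            continue
        if not is_valid_san(name):
            rep["invalid"].append(name)
        elif name in seen:
            rep["duplicates"].append(name)
        else:
            seen.add(name)
            rep["sans"].append(name)
            if name.startswith("*."):
                rep["wildcards"].append(name)  # needs a wildcard-eligible product
    if auto_www:
        # With the 'www' option on, these entries may already be covered.
        rep["redundant_www"] = [n for n in rep["sans"] if n.startswith("www.") and n[4:] in seen]
    # Assumption: the primary domain counts as one of the purchased domains.
    rep["total"] = 1 + len(rep["sans"])
    rep["over_limit"] = max(0, rep["total"] - domain_limit)
    return rep

# Constructed import list (one hostname per entry is an assumed format).
SAMPLE_IMPORT = ["it.company.com", "Mail.Company.com.", "api.company.com", "mail.company.com",
                 "*.dev.company.com", "www.example.company.com", "bad_host.company.com"]

if __name__ == "__main__":
    print(preflight("example.company.com", SAMPLE_IMPORT, 5, auto_www=True))
```

A non-zero `over_limit` means the order will attract extra SAN pricing or needs a higher domain count; entries under `invalid` and `duplicates` should be fixed before import.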

After configuring SAN domains, click Next.

## Step 5 - Additional Information (Optional)

This step allows operational and lifecycle settings to be configured.

<figure><img src="/files/UlhKvfo8K5UaBXK8q9yK" alt=""><figcaption></figcaption></figure>

Available options include:

• Tags - Used for categorization, grouping, and reporting\
• Order Remarks - Internal operational notes\
• Technical Point of Contact Information\
• KYC Documents\
• Additional Email Recipients

### Auto-Renew Configuration

CERTInext supports automated certificate renewal workflows.

Example option:

```
Auto-renew certificates until coverage
```

Administrators can define renewal criteria such as:

```
Before 15 days of certificate expiry
```

This helps prevent certificate expiration and operational outages.

After completing the optional settings, click Next.

## Step 6 - Order Summary & Payment

The final step displays the complete certificate order summary.

<figure><img src="/files/h3SjF43hl5hZLr27V58X" alt=""><figcaption></figcaption></figure>

The summary includes:\
• Certificate Type\
• Product Name\
• Validity Period\
• Domain Count\
• Primary Domain Name\
• Additional SAN Entries\
• Certificate Pricing\
• Additional SAN Charges\
• Grand Total

Users should review all SAN entries carefully before submission.

Available actions include:\
• Save and Exit\
• Pay Online\
• Use Credit

After confirming the order, submit the request.

## Viewing the SAN Certificate Order

After order submission, navigate to:

```
Certificates → Orders
```

<figure><img src="/files/H7hYE8s29b3nvKgaEGcB" alt=""><figcaption></figcaption></figure>

Open the certificate order to view:\
• Order Status\
• Certificate Status\
• CSR Information\
• SAN Domain List\
• Auto-renew Configuration\
• Requestor Information

The complete SAN inventory is displayed under Certificate Information.

## Tracking Certificate Validation

CERTInext supports public order tracking and validation workflows.

From the order details page:

1. Open the Actions menu
2. Select Track Order

CERTInext generates a public validation tracking URL that can be shared with the requestor or domain owner.

## Multi-SAN Domain Validation (DCV)

For SAN certificates, each domain may require Domain Control Validation (DCV).

Depending on CA capabilities and product type, supported validation methods may include:\
• DNS TXT Validation\
• Email Validation\
• HTTP Validation

## DNS TXT Validation Workflow

For each SAN domain:

1. Click Verify
2. CERTInext displays the DNS TXT validation record
3. Add the TXT record in the DNS provider
4. Wait for DNS propagation
5. Click Verify Now

CERTInext validates ownership automatically.

The validation dialog displays:\
• TXT Record Type\
• Host Name\
• TXT Value

Once validation succeeds, the SAN entry status changes to Verified.
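The "wait for DNS propagation" step can be checked per SAN before clicking Verify Now. The following is an added example, not CERTInext code: it polls public resolvers with `dig` and reports which SANs already serve the expected TXT value. The function names are hypothetical, and the host names, token values and resolver answers are constructed so the sample runs offline.

```python
import subprocess

RESOLVERS = ["1.1.1.1", "8.8.8.8"]  # public resolvers to poll

def dig_txt(host, resolver):
    """Live lookup: raw `dig +short TXT` lines (needs dig and network access)."""
    cmd = ["dig", "+short", "TXT", host, f"@{resolver}"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout.splitlines()

def parse_txt(line):
    """Join the quoted chunks dig prints for one record: '"ab" "cd"' -> 'abcd'."""
    parts = line.split('"')
    return "".join(parts[1::2]) if len(parts) > 1 else line.strip()

def propagation(pending, lookup=dig_txt, resolvers=RESOLVERS):
    """Map each SAN to the resolvers that do not yet serve its expected TXT value."""
    lagging = {}
    for san, (host, value) in pending.items():
        lagging[san] = [r for r in resolvers
                        if value not in {parse_txt(l) for l in lookup(host, r)}]
    return lagging

def ready(lagging):
    """SANs for which every polled resolver already returns the expected value."""
    return sorted(san for san, lag in lagging.items() if not lag)

# Constructed data: SAN -> (Host Name, TXT Value) as copied from the validation dialog.
PENDING = {
    "it.company.com": ("it.company.com", "constructed-token-aaa"),
    "mail.company.com": ("mail.company.com", "constructed-token-bbb"),
}
# Constructed resolver answers standing in for live DNS.
SAMPLE = {
    ("it.company.com", "1.1.1.1"): ['"v=spf1 -all"', '"constructed-" "token-aaa"'],
    ("it.company.com", "8.8.8.8"): ['"constructed-token-aaa"'],
    ("mail.company.com", "1.1.1.1"): ['"constructed-token-bbb"'],
    # no answer yet from 8.8.8.8 for mail.company.com: still propagating
}

def sample_lookup(host, resolver):
    return SAMPLE.get((host, resolver), [])

if __name__ == "__main__":
    lag = propagation(PENDING, lookup=sample_lookup)
    print("ready:", ready(lag), "lagging:", {s: r for s, r in lag.items() if r})
```

Call `propagation(PENDING)` without the `lookup` argument to query live DNS. Agreement among public resolvers is a heuristic, since the CA's validator may query different servers.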

## SAN Validation Status Tracking

The validation portal displays:\
• Total domains\
• Verified domains\
• Pending validations\
• Validation progress

This allows administrators to monitor multi-domain validation from a centralized interface.

## Certificate Issuance

Once all SAN validations are completed:

1. The CA processes the certificate request
2. CERTInext updates the order status automatically
3. The certificate is issued

The issued certificate can then be:\
• Downloaded manually\
• Deployed using provisioning workflows\
• Tracked through lifecycle dashboards

## Updating SAN Entries in an Existing Certificate

CERTInext supports SAN updates using certificate reissue workflows.

Common scenarios include:\
• Adding new domains\
• Removing obsolete SANs\
• Application expansion\
• Environment migration

**To update SAN entries:**

1. Navigate to Certificates → Orders
2. Open the existing certificate order
3. Select Reissue CSR or Reissue Certificate
4. Update the SAN list
5. Complete validation for newly added domains
6. Submit the reissue request

A new certificate is issued once validation is completed.

## Operational Notes

* Each SAN entry may require independent domain validation depending on CA policy.
* Wildcard SANs are supported based on product eligibility.
* Additional SAN pricing varies by CA and product type.
* Using DNS validation with DNS Connectors can significantly accelerate SAN verification workflows.
* Regularly review SAN inventories to remove unused domains and reduce operational risk.
* Large SAN certificates should be planned carefully to avoid unnecessary certificate sprawl.

