Securing Multiple Domains in AWS with Subject Alternative Names (SANs)

Adding a Subject Alternative Name (SAN) to your SSL/TLS certificate is a way to secure multiple domains or subdomains with a single certificate. Each SAN entry allows you to specify additional domain names that are covered by the certificate, providing a convenient and cost-effective way to protect multiple websites under a single certificate.

Here’s how it works:

  1. Primary Domain (Common Name or CN): When you purchase an SSL/TLS certificate, you specify a primary domain, often referred to as the “Common Name” (CN). This is the main domain the certificate is issued for, and it must match the hostname exactly.
  2. Subject Alternative Names (SANs): In addition to the primary domain, you can add one or more SAN entries to the certificate. Each SAN entry specifies an additional domain name that the certificate will also protect.

For example, if you have a certificate for the primary domain “” and you want it to secure the following domains as well:

You can add these as SANs to your certificate. The certificate will then be valid and trusted for all these domains, not just the primary domain.

This is particularly useful when you have multiple websites, subdomains, or different domain variations (e.g., with or without “www”) that you want to secure without the need to purchase and manage separate certificates for each one.

To implement this, you typically need to request a certificate from a Certificate Authority (CA) or generate a Certificate Signing Request (CSR) with the SANs specified. The CA will issue a certificate containing the primary domain and the specified SANs. Once you install this certificate on your web server, it will secure all the domains listed in the SANs, along with the primary domain.
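
Before attaching an issued certificate, it helps to confirm that every hostname you serve is actually covered by one of its SAN entries. The Python below is an added example, not code from the original article; it goes slightly beyond the text by also handling wildcard SAN entries, and all domain names and function names in it are constructed for illustration.

```python
# Added example: SAN coverage check. All domain names below are constructed.

def _labels(name: str) -> list[str]:
    """Normalise a DNS name: lower-case, drop trailing dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")

def san_matches(san: str, hostname: str) -> bool:
    """True if one dNSName SAN entry covers hostname.

    Exact names match label for label. A wildcard is honoured only as the
    whole left-most label ("*.example.com") and stands for exactly one label,
    so it covers neither the bare domain nor deeper subdomains.
    """
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h) or "" in s or "" in h:
        return False
    if s[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(s) >= 3 and s[1:] == h[1:]
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in san and s == h

def uncovered(sans: list[str], served: list[str]) -> list[str]:
    """Hostnames you serve that no SAN entry on the certificate covers."""
    return [h for h in served if not any(san_matches(s, h) for s in sans)]

# Constructed SAN list, as it would appear on an issued certificate.
CERT_SANS = ["example.com", "www.example.com", "*.api.example.com", "example.net"]

# Constructed hostnames routed to the same load balancer.
SERVED = [
    "example.com",
    "WWW.Example.com.",        # case and trailing dot are not significant
    "v1.api.example.com",      # covered by the wildcard
    "api.example.com",         # not covered: wildcard needs one extra label
    "a.v1.api.example.com",    # not covered: wildcard spans one label only
    "shop.example.com",        # not covered: never listed as a SAN
    "example.net",
]

if __name__ == "__main__":
    for host in uncovered(CERT_SANS, SERVED):
        print(f"no SAN covers {host}")
```

Any hostname this reports will produce a certificate name mismatch in clients until it is added as a SAN and the certificate is reissued.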

  1. AWS Elastic Load Balancer (ELB):
    • When you set up an Application Load Balancer or Network Load Balancer in AWS, you can associate SSL/TLS certificates with them for secure traffic handling.
    • These load balancers often support multiple domains, subdomains, or services, and you can use SAN certificates to secure all the necessary domains in a single certificate.
  2. AWS Certificate Manager (ACM):
    • ACM is an AWS service that provides free SSL/TLS certificates.
    • When you request a certificate through ACM, you can add multiple domain names as Subject Alternative Names (SANs) to the certificate.
    • ACM will automatically manage and renew the certificate for you, making it convenient for securing multiple domains or subdomains within AWS services like CloudFront, ELB, and API Gateway.
  3. Amazon CloudFront:
    • Amazon CloudFront is a content delivery network (CDN) service that allows you to distribute content globally.
    • You can associate SSL/TLS certificates with your CloudFront distribution, and if you have multiple domains, you can use a SAN certificate to secure them.
  4. Amazon API Gateway:
    • Amazon API Gateway allows you to create and manage APIs for your applications.
    • You can configure custom domains for your APIs and associate SAN certificates to secure these custom domains.
  5. Amazon S3 Website Hosting:
    • If you are hosting a static website on Amazon S3 and you want to use SSL/TLS to secure multiple subdomains or domains, you can use SAN certificates when configuring your custom domain.

Using SAN certificates in these scenarios is a cost-effective and efficient way to secure multiple domains or subdomains under a single certificate. It simplifies the management of SSL/TLS certificates for AWS services and helps ensure secure communication with your resources.
