SSL Common Name (CN) and Subject Alternative Name (SAN)


🔒 Exploring SSL Certificates and SANs: Unveiling the Mystery! 🔒

Ever wondered why SSL certificates sometimes have a different Common Name (CN) than the domain name? Here's the scoop:

  1. 🌐 SANs Take the Lead: Browsers prioritize names from the Subject Alternative Name (SAN) extension over the CN. A SAN extension can hold multiple domain names and IP addresses.

  2. 🚀 CN is Plan B: If no match in SAN, browsers check CN. But don't fret if CN differs, especially in shared hosting situations – it's about trust, not just names.

  3. 🕵️‍♂️ Check Your Cert: Use this OpenSSL command to inspect CN, SAN, and more:

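     ```sh
     # example.com:443 is a placeholder; the original host:port is missing from the page
     openssl s_client -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep -E "CN ?=|DNS:|IP Address:|Purpose:|Public[- ]Key|Not Before:|Not After ?:"
     ```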

  4. 🌟 Firebase Example: Google Firebase might show a different CN, but with a whopping 100 SAN DNS entries. Impressive!

  5. 🛡️ Maximize SAN Entries: Remember, the maximum number of SAN entries per Let's Encrypt certificate is around 100.
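The SAN-before-CN order from points 1 and 2, as an added example (not code from the original post). It reads names in the dict shape that Python's `ssl` `getpeercert()` returns and applies the stricter RFC 6125 rule: the CN is consulted only when the certificate carries no DNS entries in its SAN. The certificates, host names and the `match_host` helper are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):              # a wildcard covers exactly one label
        return False
    if p[0] == "*":
        # Simplification: require two fixed labels after '*' (rejects "*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def match_host(cert, host):
    """Return (matched, source); source is 'SAN', 'CN' or 'none'."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are compared with SAN "IP Address" entries only.
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip
                 for k, v in san)
        return ok, "SAN" if ok else "none"
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # DNS names present in SAN: the CN is not consulted at all.
        ok = any(_dns_match(d, host) for d in dns_names)
        return ok, "SAN" if ok else "none"
    # No DNS names in SAN: fall back to the subject's commonName.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    ok = any(_dns_match(c, host) for c in cns)
    return ok, "CN" if ok else "none"

# Constructed sample: shared-hosting style certificate, CN differs from the site.
SHARED = {
    "subject": ((("commonName", "shared-host.example"),),),
    "subjectAltName": (("DNS", "app.example.com"),
                       ("DNS", "*.apps.example.net"),
                       ("IP Address", "192.0.2.10")),
}
# Constructed sample: old-style certificate with a CN and no SAN.
LEGACY = {"subject": ((("commonName", "old.example.org"),),)}

if __name__ == "__main__":
    for cert, host in [(SHARED, "app.example.com"), (SHARED, "shared-host.example"),
                       (SHARED, "a.b.apps.example.net"), (LEGACY, "old.example.org")]:
        print(host, match_host(cert, host))
```

A host that appears only in the CN of `SHARED` is rejected, which is why a mismatched CN on a shared-hosting certificate is harmless as long as the SAN lists the site.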





Let's demystify SSL together! Like and share to spread the knowledge.