API Documentation
Home > Knowledge Base > ADCaaS - Load Balancing, Web Application API Protection > Do you support SAN (Subject Alternative Name) extension SSL Certificates?

Do you support SAN (Subject Alternative Name) extension SSL Certificates?


Yes, we absolutely do, and always have. Before we supported SNI, we recommended that clients with multiple domains on a single IP address use a SAN (Subject Alternative Name) extension certificate. To use one of these, simply attach it as a standard SSL certificate (that is, do not check the SNI box when attaching it). This will attach it to your IP when published and allow all domains configured as SAN to properly load with SSL enabled.

NOTE: There is one scenario where we do not support SAN certificates. And that is between the load balancer and your server. So if you have a SAN certificate on the load balancer, it will work between your client and us, but your server will need either a standard SSL cert (and it need not have a matching name, we ignore that because you are a trusted origin) or you can implement SSL Offload by mapping Public Port SSL/443 to Private Port HTTP/80. Often SSL Offload is the best option if you have more than one website on a single IP address on your server and use host headers to load the correct website.

SSL can be tricky. If you have any questions at all, just reach out to us. We’re working to improve and add features often, and hopefully by January 1, 2017 SAN certificates will be supported on the back-end too.

Prevent your next outage now!

TRY IT FREE