Subject Alternative Enlightenment

So there’s this thing called an SSL certificate. Everyone (or at least the vast majority of anyone who is ever likely to read this) knows about SSL, or HTTPS, or at the very least the browser lock symbol.

Another time I’ll talk about a bunch of nonsense regarding the details of SSL and some of the strange things that have come out of it, but for the moment, one specific thing stands out.

Part of an X509 certificate is an optional piece of metadata called a Subject Alternative Name, or SAN. If you take a peek at an SSL certificate that provides one, you’ll see something like this:

Certificate:
    Data:
        [...]
        Subject: C=US, ST=CA, L=Cupertino, O=Apple, Inc., CN=*.example.com
        [...]
        X509v3 extensions:
            [...]
            X509v3 Subject Alternative Name:
                DNS:specific.example.com, DNS:example.com, DNS:*.example.com

Normally a client connecting to https://example.com/ will get a domain mismatch certificate error, because the CN *.example.com matches example.com neither exactly nor via wildcard. However, a large number of clients also examine the list of SAN DNS names to validate the domain; since example.com shows up in that list, no error will be displayed.
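The matching described above, as an added example that is not part of the original post: it parses the names out of the text dump shown earlier and checks a hostname against the CN and against the SAN list separately. The function names are hypothetical, and the wildcard rule (a `*` only as the whole leftmost label, covering exactly one label) is a simplified assumption about how clients match.

```python
import re

# Constructed input: the certificate dump from the post with the [...] elisions dropped.
CERT_TEXT = """\
Certificate:
    Data:
        Subject: C=US, ST=CA, L=Cupertino, O=Apple, Inc., CN=*.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:specific.example.com, DNS:example.com, DNS:*.example.com
"""

def parse_names(text):
    """Return (common_name, [SAN DNS names]) from an openssl-style text dump."""
    cn = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^,/\n]+)", text, re.M)
    lines = text.splitlines()
    sans = []
    for i, line in enumerate(lines):
        # The SAN entries sit on the line after the extension's heading.
        if "Subject Alternative Name" in line and i + 1 < len(lines):
            sans = re.findall(r"DNS:([^,\s]+)", lines[i + 1])
    return (cn.group(1).strip() if cn else None), sans

def name_matches(pattern, host):
    """Exact match, or '*' as the whole leftmost label standing for one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never absorbs zero labels or several labels
    if p[0] == "*" and len(p) > 2:  # assumption: refuse patterns as broad as *.com
        return p[1:] == h[1:]
    return p == h

def check_host(text, host):
    """Return (cn_matches, san_matches) for host against the names in the dump."""
    cn, sans = parse_names(text)
    cn_ok = cn is not None and name_matches(cn, host)
    san_ok = any(name_matches(s, host) for s in sans)
    return cn_ok, san_ok

if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "a.b.example.com", "example.org"):
        print(host, check_host(CERT_TEXT, host))
```

For example.com the CN check fails and the SAN check passes, which is the case the paragraph above describes.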

Every major browser – IE, Firefox, Opera, Safari, and even the venerable Netscape Navigator – has supported SANs since at least 2003. Surprisingly, Internet Explorer has supported them since Win98 (yes, that means they work in IE6, for those keeping count). Many mobile devices also recognize them – certainly the newest crop of WebKit-based and Android mobile browsers, but also things like Symbian 9.2+ and Windows Mobile 5 and 6.

Furthermore, SANs can be used to cause certain mail clients to stop complaining about connecting to a mail server that services multiple domains under one IP. Since these same mail clients are often configured to recognize an internal CA, rolling up all the possible names into the SAN list on a single certificate can save a pile of headache.

Why hasn’t this been more widely advertised and well-known? Because many certificate authorities are more in the habit of selling encryption than verification. They would very much like to charge you for every single line in the certificate and every single reissue of the same certificate with slightly different metadata (say, a different set of SAN entries, in this case), rather than for performing trusted due diligence to ensure that you are who you claim to be and that you have the rights you claim to have over the subjects (in this case, domain names) in question.

Thanks a lot, “trusted” authorities. Way to instill confidence in your services.

There are a few respectable exceptions, of course, and a few web-of-trust CAs which perform the services for free or for reasonable, nominal charges. The web-of-trust CAs tend to have little or no native browser support, which makes them less suitable for general purpose commerce, but for those in the know (or a known browser demographic) they can be a fantastic alternative.

I’m currently a fan of DigiCert for business use, and StartCom for personal use. As a side note, many domain registrars (such as Gandi) also provide a free basic 1-year SSL certificate with purchase of a domain name.