Most organizations use certificates in some fashion. Web servers, email servers, messaging servers... everything seems to be moving in the direction of public key certificates. But certificates can be costly and confusing to manage, especially with large web farms or email-centric companies. One great solution to this problem is the use of subject alternative name (SAN) certificates.
The Shortcut Guide to Subject Alternative Name Certificates provides information about SAN certificates to show how they can be used in a variety of technologies. These special certificates allow multiple hosts to use the same certificate, avoiding the costs of obtaining, deploying, and managing multiple nearly-identical certificates. This guide will explore what SAN certificates are, how they work, and how they can help you deploy server farms more efficiently. You may even discover that you already have SAN certificates available that can be put to good use with no additional expense!
Available Chapter Previews:
Chapter 1: Introduction to Certificates
There are numerous ways to apply public key infrastructure (PKI). There are probably as many unique solutions available as there are companies to apply them to. A one-size-fits-all PKI simply does not exist. And in a similar vein, there is no perfect PKI; there is almost always a tradeoff made during the process of PKI implementation.
For example, deploying an externally managed PKI may cut some costs, such as internal headcount or the deployment of intranet infrastructure servers, while incurring others, including monthly maintenance fees. Another, more esoteric example is key size. Many cryptographic algorithms allow an administrator to select the size of the public key used for the PKI. As you may already know, the general rule in cryptography is that the larger you make the key, the more secure the data becomes. As a result, many executives and IT professionals will initially decide to use the largest key possible. And if there were no downsides, that would be a great choice. However, the drawback is that intense calculations must be made every time the key is used, and particularly when the key is generated. As a result, the system becomes far more secure but far slower.
You will almost certainly have some amount of compromise in your decision because, frankly, you do not have infinite resources at your disposal. Because there is no single best PKI solution, you need to be familiar with as many available options as possible. This familiarity helps you determine the best way to address the stated needs.
This guide is provided in four chapters. Each chapter focuses on a different aspect of the concepts and practical use of SAN certificates:
- Chapter 1: Introduction to Certificates - This chapter introduces broad PKI terms that are used throughout the guide. It provides a framework for the in-depth concepts and application of SAN certificates in later chapters. Although this chapter may be considered review material for some readers, it is important to understand this information to ensure that later chapters are effective.
- Chapter 2: SAN Certificates In Depth - This chapter is dedicated to getting down into the details of a SAN certificate. It will examine the certificate structures and metadata and will compare data between SAN and non-SAN certificates. It will also compare SAN certificates to wildcard certificates to understand the distinction between two somewhat similar products.
- Chapter 3: The Business Value of SAN Certificates - Written primarily for business decision maker (BDM) and technical decision maker (TDM) readers, this chapter discusses the business aspect of SAN certificates. It will examine the business costs and return on investment (ROI) drivers that apply to both SAN and other similar certification strategies. This chapter supports the business and organizational elements of the solutions discussed in Chapter 2.
- Chapter 4: Planning and Implementing a SAN-Enabled Certificate Strategy - This chapter discusses the details of actually implementing a SAN-enabled certificate strategy. Topics include analyzing existing systems and properly planning for a SAN certificate deployment. Ongoing operations-based tasks are also explored. This chapter is useful for the implementers in an organization, such as the IT generalist or specialist, and the planning elements apply to architects as well.