These certificates are also referred to as Multiple Domain or UCC certificates and can be a mix of wildcards and multi-domain names. So the Subject Alternative Name field could list multiple sites, or even multiple wildcards.
The Subject Alternative Name field in the certificate will always show you the hosts that it can protect, regardless of whether they are wildcards or not.
e.g. (using openssl to read an X.509 certificate's details for multiple domains)
And by picking out a few hosts, we can match the certificate serial number to confirm that the same certificate is being used for the sites listed.
e.g. (using openssl to validate certificate serial numbers)
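The two openssl checks mentioned above (reading the SAN list and comparing serial numbers across hosts), as an added example that is not from the original post. Host names, serial values and the sample text are constructed, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: find which hosts present the same multi-domain certificate.
# Hostnames, serials and SAMPLE_TEXT are constructed; function names are illustrative.

# Constructed excerpt of `openssl x509 -noout -text` output for a SAN certificate.
SAMPLE_TEXT='            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:*.example.com, DNS:shop.example.org, IP Address:192.0.2.10'

# PEM leaf certificate presented by host ($1) on port ($2, default 443). Needs network.
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Serial of the PEM certificate on stdin (openssl prints "serial=0A1B...").
cert_serial() { openssl x509 -noout -serial | cut -d= -f2; }

# DNS names from the SAN extension; stdin is `openssl x509 -noout -text` output.
san_names() {
  awk '/X509v3 Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds if host ($1) is covered by a SAN name on stdin. A wildcard matches
# exactly one left-most label, so *.example.com covers www but not a.b or the apex.
san_covers() {
  local host=$1 name suffix
  while read -r name; do
    case $name in
      \*.*) suffix=${name#\*.}
            [ "$host" != "$suffix" ] && [ "${host#*.}" = "$suffix" ] && return 0 ;;
      *)    [ "$host" = "$name" ] && return 0 ;;
    esac
  done
  return 1
}

# stdin: "host serial" lines. Prints "serial host1,host2" for every serial seen on
# more than one host: the sites that share one private key.
shared_serials() {
  awk '{ if ($2 in hosts) hosts[$2] = hosts[$2] "," $1; else hosts[$2] = $1; n[$2]++ }
       END { for (s in n) if (n[s] > 1) print s, hosts[s] }' | sort
}

# Live use (needs network): inventory www.example.com shop.example.org
inventory() {
  for h in "$@"; do printf '%s %s\n' "$h" "$(fetch_cert "$h" | cert_serial)"; done |
    shared_serials
}
```

Every host that `shared_serials` groups under one serial falls inside the same blast radius if that certificate's private key is exposed or the certificate is revoked.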
This goes back to the certificate chain of trust: a compromise anywhere along that chain can impact the host(s). An attacker who compromises this certificate by gaining access to the private key could in fact gain access to encrypted data for any of the domains listed in the Subject Alternative Name.
- The advantage of multiple Subject Alternative Names: you can protect multiple sites with just one certificate (great for a web-hosting business)
- The price could be better for a web-hosting business or an enterprise corp that has multiple satellite DBAs and where a "*" wildcard is not applicable
- For SSL decryption, the multiple names allow one configuration or ssl-decryption-policy for X number of sites
- The disadvantage: if the certificate is compromised and revoked, multiple sites can be affected in terms of risk, time, or cost
- Any of the foreign websites that use this private key for the certificate, and have access to it, could potentially have access to your data if they were MiTM (man in the middle)
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=