ATLAS SAN Licensing FAQs - DRAFT
Dec 19, 2023
ATLAS SAN Licensing FAQs - DRAFT
What is SAN Licensing?
A SAN license enables customers to purchase a number of unique SANs that can be used for as many unique certificates as you may need. This is an ideal fit for companies that may issue many unique certificates for development purposes or IOT devices.
You are permitted to have up to the quoted number of unique SANs on active (not expired or revoked) certificates.
Some important things to keep in mind regarding your SAN license are:
- Each unique SAN counts as 1 SAN of your SAN license.
- Once a certificate expires or is revoked, SANs in that certificate will be returned to your SAN license.
- Wildcard SANs typically count as 5 SANs, but this is configurable per quote.
- You may have more than 1 product taking advantage of one license.
- The greater the number of SANs in the SAN license, the larger the discount, so bundling products may be cost-effective and permit the maximum flexibility.
- Your license quota may be increased during the active license period if you find you need more SANs.
- The price for a greater SAN license is prorated to align with the active license pricing.
- The SAN license may be renewed up to 30 days before (or, in some exceptions, after) the initial license expires.
- A SAN license may increase or decrease its limit upon renewal.
- As customer requirements change or as new TLS products are launched, new products may be added to an existing license (assuming they are of the same or lower tier or price).
Why do we need SAN licenses?
- TLS customers want to issue multiple Certificates to the same FQDN for load balancing, reissuing, and other applications, but they only want to be billed for a single SAN.
- We will permit multiple TLS products (services) to be included in one SAN license.
- This model is good for customers that have a high turnover of SANs within their dev environment or for customer demos or trial purposes (stand up servers, tear them down, and do it again with the same or different SANs).
A SAN license is similar to a Product Pack. They both have a price, a quota, and a list of Products (services) that are included. Product usage data will be fed from the Atlas backend to the Usage Database throughout the day, where it will be allocated to its parent SAN License and SANS counted appropriately.
What's counted as a unique SAN?
We count the total number of unique SANs in non-expired and non-revoked Certificates across all of the services that are specified by the SAN license. Specifically, we will count unique values from:
- SAN:DnsName
- SAN:IpAddress
- SAN:RFC822 (email addresses)
- SAN:OtherName:UPN - These are typically found just in client authentication Certificates.
Wildcard SANs will be counted as separate SANs. Typically, they count as 5, but this can be customized as part of your SAN license quote.
example.com and www.example.com count as two unique SANs. We will do case-insensitive matching when computing the number of unique SANs (e.g. WWW.example.com and www.example.com will count as one SAN).
The CN will always have a corresponding SAN value, so we don't need to count CNs.
How do I purchase a SAN License?
Please contact our Sales Team: https://www.globalsign.com/en/company/contact
Which Products can I have SAN Licensing for?
The following products can be purchased through a SAN license:
- TLS DV/OV
- IntranetSSL DV/OV
- ACME DV/OV
What are the product options when creating a SAN License?
You can customize the following options when purchasing your SAN license:
- Wildcard-enabled
- Wildcard multiplier (default is 5)
- Maximum license validity
- Key types (RSA & ECC are included by default)
How do I renew a SAN License?
Please contact your Account Manager who will create a renewed quota according to your needs. Your SAN license may be renewed up to 30 days before (or, in some exceptions, after) the initial license expires. You may increase or decrease your license limit when you renew.
How can I increase my existing SAN License Quota?
Your license quota may be increased during the active license period if you find you need more SANs. Please contact your Account Manager, who will increase your existing quota according to your needs.
Where can I view my Usage?
You can view the usage details in “SAN Licenses” in your ATLAS Atlas Portal.
How can I revoke a certificate so that SANs can be returned to my SAN license count?
- Go to “SAN Licenses” in the Atlas Portal, select the SAN license, and then select the SAN that you’d like to return to your license under the “Unique SANs” list. A modal window will display to confirm your decision.
- If you have multiple certificates that use the same SAN, you can choose to revoke those certificates as well by clicking either the Previous certificate or Next certificate buttons. Details for those certificates will display in the modal window for your review prior to revocation.
Please remember that certificate revocation is an irreversible action that cannot be undone. - Once your certificate(s) is revoked, the SANs used by that certificate will be returned to your SAN license count.
What if a certificate is going to expire but the SAN license is still active or valid?
As in the case of revocation, once a certificate expires, all of the certificate’s SANs will automatically be returned to your SAN license count.
Related Articles
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.