Frequently Asked Questions

Why do we need SAN licenses?

• TLS customers want to issue multiple Certificates to the same FQDN for load balancing, reissuing, and other applications, but they only want to be billed for a single SAN.
  • We will permit multiple TLS products (services) to be included in one SAN license.
• This model is good for customers that have a high turnover of SANs within their dev environment or for customer demos or trial purposes (stand up servers, tear them down, and do it again with the same or different SANs).

A SAN license is similar to a Product Pack. They both have a price, a quota, and a list of Products (services) that are included. Product usage data will be fed from the Atlas backend to the Usage Database throughout the day, where it will be allocated to its parent SAN License and SANS counted appropriately. 

What's counted as a unique SAN?

We count the total number of unique SANs in non-expired and non-revoked Certificates across all of the services that are specified by the SAN license. Specifically, we will count unique values from:

• SAN:DnsName
• SAN:IpAddress
• SAN:RFC822 (email addresses)
• SAN:OtherName:UPN - These are typically found just in client authentication Certificates.

Wildcard SANs will be counted as separate SANs. Typically, they count as 5, but this can be customized as part of your SAN license quote.

example.com and www.example.com count as two unique SANs. We will do case-insensitive matching when computing the number of unique SANs (e.g. WWW.example.com and www.example.com will count as one SAN).

The CN will always have a corresponding SAN value, so we don't need to count CNs.

Where can I view my Usage?

You can view the usage details in “SAN Licenses” in your ATLAS Atlas Portal.

What if a certificate is going to expire but the SAN license is still active or valid?

As in the case of revocation, once a certificate expires, all of the certificate’s SANs will automatically be returned to your SAN license count.