[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) Identity Security * [Human Identities](https://www.paloaltonetworks.com/idira/human?ts=markdown) * [Machine Identities](https://www.paloaltonetworks.com/idira/machine?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Frontier AI Defense](https://www.paloaltonetworks.com/unit42/ai-advantage?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Introducing Idira, the next-generation identity security platform.](https://www.paloaltonetworks.com/idira?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) 4. [Multi-Domain SSL Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate?ts=markdown) Table of Contents * [Machine Identity Security: The Definitive Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis?ts=markdown) * [Machine Identity Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#machine?ts=markdown) * [Four Pillars of Machine Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#four?ts=markdown) * [Machine Identity in the Attacker Workflow: Unit 42 Observations](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#observations?ts=markdown) * [Cloud Security Implications and Identity Sprawl](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#cloud?ts=markdown) * [Implementing a Machine Identity Security Program](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#program?ts=markdown) * [Machine Identity Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity-security-mis#faqs?ts=markdown) * [What Is Workload Identity? Securing Non-Human Identities](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown) * [Workload Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#workload?ts=markdown) * [The Core Components of Workload Identity Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#core?ts=markdown) * [Workload Identity in the Zero Trust Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#framework?ts=markdown) * [Disrupting the Attack Lifecycle with Workload Identity](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#disrupting?ts=markdown) * [Workload Identity and the AI Agent Security Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#challenge?ts=markdown) * [Workload Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity#faqs?ts=markdown) * [What Is a Non-Human Identity (NHI)? Machine Identity Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) * [Non-Human Identity Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#explained?ts=markdown) * [The Critical Distinction: Standing vs. Non-Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#privileges?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#lateral?ts=markdown) * [Non-Human Identity and Zero Trust Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#alignment?ts=markdown) * [CIEM, IAM, and PAM Relationships in NHI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#security?ts=markdown) * [Strategic Management and Testing of NHIs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#strategic?ts=markdown) * [Non-Human Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity#faqs?ts=markdown) * What Is a Multi-Domain SSL Certificate? SAN \& UC Explained * [Multi-Domain SSL Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#explained?ts=markdown) * [How Multi-Domain SSL Works: The Power of SAN](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#how?ts=markdown) * [Core Types of Multi-Domain Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#core?ts=markdown) * [Strategic Benefits for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#staregic?ts=markdown) * [Security Risks and Lateral Movement Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#security?ts=markdown) * [Implementation and Lifecycle Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#best?ts=markdown) * [Multi-Domain SSL FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#faqs?ts=markdown) * [What Is a Self-Signed Certificate? Risks, Uses \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate?ts=markdown) * [Self-Signed Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#explained?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#examples?ts=markdown) * [How It Works](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#how?ts=markdown) * [Self-Signed Certificate Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#best?ts=markdown) * [Risks \& Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#challenges?ts=markdown) * [Unit 42 Intelligence: Attack Patterns](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#patterns?ts=markdown) * [Self-Signed Certificates FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate#faqs?ts=markdown) * [What Is a TLS/SSL Port? Port 443 and HTTPS Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tsl-ssl-port?ts=markdown) * [TLS/SSL Ports Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tsl-ssl-port#explained?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-tsl-ssl-port#examples?ts=markdown) * [Secure vs. Unsecured Port Comparison](https://www.paloaltonetworks.com/cyberpedia/what-is-tsl-ssl-port#vs?ts=markdown) * [TLS/SSL Port FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tsl-ssl-port#faqs?ts=markdown) * [What Is PKI? Public Key Infrastructure \& Authentication Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-pki?ts=markdown) * [Key Data: Threats and Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#key?ts=markdown) * [Why PKI Matters for Modern Organizations](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#why?ts=markdown) * [How PKI Works: The Asymmetric Model](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#how?ts=markdown) * [Key Components of a PKI Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#key?ts=markdown) * [Common Risks and Implementation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#common?ts=markdown) * [PKI Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#best?ts=markdown) * [PKI in a Zero Trust Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#architecture?ts=markdown) * [Public Key Infrastructure (PKI) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-pki#faqs?ts=markdown) * [What Is the TLS Handshake? Process, Steps, and Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake?ts=markdown) * [The Strategic Importance of the TLS Handshake](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#importance?ts=markdown) * [How the TLS Handshake Works: Step-by-Step](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#how?ts=markdown) * [TLS 1.2 vs. TLS 1.3: Evolution of Speed and Security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#vs?ts=markdown) * [The Role of Cipher Suites and Digital Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#role?ts=markdown) * [Identifying and Resolving TLS Handshake Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#failures?ts=markdown) * [Advanced Security: TLS Fingerprinting and Threat Detection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#advanced?ts=markdown) * [TLS Handshake Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#best?ts=markdown) * [TLS Handshake FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-tls-handshake#faqs?ts=markdown) * [Security Standards and Compliance: SSL/TLS Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-are-ssl-tls-security-standards-and-compliance?ts=markdown) * [SSL/TLS Security Standards and Compliance Explained](https://www.paloaltonetworks.com/cyberpedia/what-are-ssl-tls-security-standards-and-compliance#security?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-are-ssl-tls-security-standards-and-compliance#usecase?ts=markdown) * [SSL/TLS Compliance Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-are-ssl-tls-security-standards-and-compliance#compliance?ts=markdown) * [SSL/TLS Security Standards and Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-ssl-tls-security-standards-and-compliance#faq?ts=markdown) * [What is Code Signing? Benefits, Risks \& Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing?ts=markdown) * [Code Signing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#signing?ts=markdown) * [Critical Benefits for Enterprise Security](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#critical?ts=markdown) * [The Technical Mechanism: How Code Signing Works](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#mechanism?ts=markdown) * [The Necessity of Trusted Timestamping](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#timestamping?ts=markdown) * [Standard vs. EV Code Signing Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#vs?ts=markdown) * [Addressing Vulnerabilities in the Signing Process](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#page-anchor?ts=markdown) * [Code Signing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-code-signing#faqs?ts=markdown) * [What Is a TLS Decryption? Methods, Risks \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption?ts=markdown) * [TLS Decryption Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#explain?ts=markdown) * [How TLS Decryption Works](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#how?ts=markdown) * [Methods of Decryption: Passive vs. Active](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#methods?ts=markdown) * [The Role of TLS Decryption in Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#role?ts=markdown) * [Technical Challenges: TLS 1.3 and Performance](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#challenges?ts=markdown) * [Operational Best Practices and Privacy](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#operational?ts=markdown) * [TLS Decryption FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-decryption#faqs?ts=markdown) * [What Is a TLS Certificate? How TLS Secures Web Communication](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate?ts=markdown) * [TLS Certificate Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#explain?ts=markdown) * [The TLS Handshake Process](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#process?ts=markdown) * [TLS vs SSL Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#certificates?ts=markdown) * [Critical Use Cases For TLS](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#critical?ts=markdown) * [TLS Machine Identity Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#machine?ts=markdown) * [5 Pillars Of Certificate Management](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#pillar?ts=markdown) * [The Role Of Certificate Authorities](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#role?ts=markdown) * [Unit 42 Threat Insights: Certificate Abuse](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#abuse?ts=markdown) * [TLS Certificate FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate#faqs?ts=markdown) * [What Is TLS Certificate Renewal? Process, Risks \& Automation](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal?ts=markdown) * [TLS Certificate Renewal: The Shift from Maintenance to Mission-Critical](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#certificate?ts=markdown) * [Why the 47-Day Mandate Redefines Renewal Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#mandate?ts=markdown) * [The Technical Lifecycle of a TLS Renewal](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#technical?ts=markdown) * [Critical Risks: The High Cost of Renewal Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#critical?ts=markdown) * [Best Practices for Enterprise-Scale Renewal](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#best?ts=markdown) * [Overcoming Common Renewal Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#common?ts=markdown) * [TLS Certificate Renewal FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-renewal#faqs?ts=markdown) * [What Is the TLS Certificate Lifecycle? Implementation Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle?ts=markdown) * [TLS Certificate Lifecycle Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#tls?ts=markdown) * [The 6 Core Stages of the TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#core?ts=markdown) * [Why TLS Certificate Lifecycle Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#why?ts=markdown) * [Key Causes of Certificate Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#key?ts=markdown) * [Validation Checks: CRL and OCSP](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#validation?ts=markdown) * [How Automation Improves TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#how?ts=markdown) * [TLS Certificate Lifecycle and Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#tls?ts=markdown) * [TLS Certificate Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-certificate-lifecycle#faqs?ts=markdown) * [What Is Certificate Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management?ts=markdown) * [Certificate Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#certificate?ts=markdown) * [Core Capabilities of Certificate Management](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#core?ts=markdown) * [Common Challenges: The "Red Flag" Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#challenges?ts=markdown) * [How Certificate Management Supports Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#how?ts=markdown) * [Implementation Roadmap: Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#implementation?ts=markdown) * [Certificate Management vs. TLS Certificate Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#certificate?ts=markdown) * [Certificate Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management#faqs?ts=markdown) * [What Is Cert-Manager? Kubernetes Certificate Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager?ts=markdown) * [cert-manager Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#explained?ts=markdown) * [Core Components: Issuers and Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#core?ts=markdown) * [1. Issuers and ClusterIssuers](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#issuers?ts=markdown) * [2. Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#certificates?ts=markdown) * [How cert-manager Automates Machine Identity](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#how?ts=markdown) * [Common Compatible Cloud Platforms](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#common?ts=markdown) * [Zero Trust and Kubernetes Security Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#alignment?ts=markdown) * [Integrating cert-manager into DevSecOps Workflows](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#workflows?ts=markdown) * [Benefits for DevSecOps Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#benefits?ts=markdown) * [cert-manager FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cert-manager#faqs?ts=markdown) * [TLS/SSL Offloading: Definition \& Decision Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading?ts=markdown) * [TLS/SSL Offloading Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#offloading?ts=markdown) * [SSL Termination vs. SSL Bridging](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#vs?ts=markdown) * [Key Differences in Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#key?ts=markdown) * [Unit 42 Perspective: Risks of Uninspected Traffic](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#unit42?ts=markdown) * [Benefits for Security and Infrastructure Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#benefits?ts=markdown) * [CISO Decision Checklist: SSL Termination vs. SSL Bridging for Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#ciso?ts=markdown) * [Detailed CISO Decision Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#checklist?ts=markdown) * [Summary Recommendation for CISOs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#summary?ts=markdown) * [TLS/SSL Offloading FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-tls-ssl-offloading#faqs?ts=markdown) * [What Is an X.509 Certificate? Definition, Standards, and Role](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate?ts=markdown) * [X.509 Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown) * [The Anatomy Of An X.509 Certificate](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#anatomy?ts=markdown) * [Important X.509 v3 Extensions](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown) * [The X.509 Trust Hierarchy And Chain](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#hierarchy?ts=markdown) * [Machine Identity And Management Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#identity?ts=markdown) * [Risks Of Poor Certificate Management](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#risks?ts=markdown) * [Zero Trust And X.509 Alignment](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#alignment?ts=markdown) * [How Does X.509 Support Zero Trust?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#support?ts=markdown) * [X.509 Certificate FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate#page-anchor?ts=markdown) * [What Is Certificate Validation? Guide to Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation?ts=markdown) * [Certificate Validation Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#validation?ts=markdown) * [The Role of Certificate Authorities and the Chain of Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#role?ts=markdown) * [The Hierarchy of Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#trust?ts=markdown) * [The Sequence of the Validation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#process?ts=markdown) * [Types of Certificate Validation Levels](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#levels?ts=markdown) * [Unit 42 Insights: The Risk of Identity Exposure](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#insight?ts=markdown) * [Threat Behavior Observations](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#behavior?ts=markdown) * [Troubleshooting Common Validation Failures](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#troubleshoot?ts=markdown) * [Certificate Validation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-validation#certificate?ts=markdown) * [What Is Certificate Pinning? Benefits, Risks \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning?ts=markdown) * [Certificate Pinning Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown) * [How Certificate Pinning Works](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#how?ts=markdown) * [Listiche: Key Stages of a Pinning Failure](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#key?ts=markdown) * [Types of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#types?ts=markdown) * [Listiche: Static vs. Dynamic Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#static?ts=markdown) * [Why Pinning Is Essential for Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#why?ts=markdown) * [Certificate Pinning vs. Standard SSL/TLS](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown) * [Benefits of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#benefits?ts=markdown) * [Risks and Limitations of Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#risks?ts=markdown) * [When to Use Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#when?ts=markdown) * [When to Avoid Certificate Pinning](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#when?ts=markdown) * [Certificate Pinning Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#certificate?ts=markdown) * [Certificate Pinning and Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#identity?ts=markdown) * [FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-pinning#faqs?ts=markdown) * [What is Cloud Workload Security? Protection \& Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security?ts=markdown) * [Cloud Workload Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#cloud?ts=markdown) * [Why Cloud Workload Security Matters](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#why?ts=markdown) * [Key Components of a Cloud Workload Security Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#key?ts=markdown) * [Use Cases \& Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#use-cases?ts=markdown) * [Cloud Workload Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#practices?ts=markdown) * [Benefits of Strong Cloud Workload Security](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#practices?ts=markdown) * [Cloud Workload Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-workload-security#faqs?ts=markdown) * [What Is ACME Protocol?](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol?ts=markdown) * [ACME Protocol Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#dora?ts=markdown) * [How The ACME Protocol Works](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#how?ts=markdown) * [ACME Across The Machine Identity Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#across?ts=markdown) * [ACME Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#challenges?ts=markdown) * [Why ACME Matters For Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#why?ts=markdown) * [Implementation Patterns](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#implementation?ts=markdown) * [Real World Evidence](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#world?ts=markdown) * [Where ACME Secrets Leak In Real Life](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#where?ts=markdown) * [ACME Protocol FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-acme-protocol#faq?ts=markdown) * [What is SPIFFE? Universal Workload Identity Framework Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe?ts=markdown) * [SPIFFE Explained: Solving the Workload Identity Problem](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#explained?ts=markdown) * [Core Components of the SPIFFE Standard](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#core?ts=markdown) * [The SPIFFE Workload API](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#workload?ts=markdown) * [Why Traditional Secret Management Fails in Cloud-Native Environments](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#why?ts=markdown) * [The Problem of "Secret Zero"](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#problem?ts=markdown) * [Vulnerabilities of Static Credentials and Long-Lived Tokens](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#tokens?ts=markdown) * [IP-Based Security vs. Identity-Based Security](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#vs?ts=markdown) * [How SPIFFE Implementation Works: The Attestation Process](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#how?ts=markdown) * [The Role of SPIRE as the Reference Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#role?ts=markdown) * [Critical Use Cases for Enterprise Security](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#critical?ts=markdown) * [SPIFFE FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spiffe#faqs?ts=markdown) * [What Is an SSL Stripping Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack?ts=markdown) * [Why SSL Stripping Belongs in Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#why?ts=markdown) * [SSL Stripping Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#sslstripping?ts=markdown) * [How SSL Stripping Works](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#how?ts=markdown) * [Where SSL Stripping Happens](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#where?ts=markdown) * [Signs of SSL Stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#where?ts=markdown) * [Identity-Focused Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#identity?ts=markdown) * [Machine Identity Security Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#machine?ts=markdown) * [How to Prevent SSL Stripping](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#howto?ts=markdown) * [SSL Stripping Prevention Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#checklist?ts=markdown) * [SSL Stripping FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-ssl-stripping-attack#faqs?ts=markdown) * [What Is a Machine Identity?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) * [How Do Machine Identities Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#how?ts=markdown) * [Machine Identity Management (MIM) vs. Human IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#vs?ts=markdown) * [Architecture Components and Identity Types](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#types?ts=markdown) * [Secrets Management vs. Machine Identity Management](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#secrets?ts=markdown) * [Lateral Movement and Attacker Workflow](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#workflow?ts=markdown) * [Cloud Security Implications and CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#ciem?ts=markdown) * [Implementation Steps for Machine Identity Security](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#implementation?ts=markdown) * [Machine Identity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity#faqs?ts=markdown) # What Is a Multi-Domain SSL Certificate? 3 min. read [Explore Machine Identity](https://www.paloaltonetworks.com/idira/machine?ts=markdown) [Explore IDIRA](https://www.paloaltonetworks.com/idira?ts=markdown) Table of Contents * * [Multi-Domain SSL Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#explained?ts=markdown) * [How Multi-Domain SSL Works: The Power of SAN](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#how?ts=markdown) * [Core Types of Multi-Domain Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#core?ts=markdown) * [Strategic Benefits for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#staregic?ts=markdown) * [Security Risks and Lateral Movement Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#security?ts=markdown) * [Implementation and Lifecycle Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#best?ts=markdown) * [Multi-Domain SSL FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#faqs?ts=markdown) 1. Multi-Domain SSL Certificates Explained * * [Multi-Domain SSL Certificates Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#explained?ts=markdown) * [How Multi-Domain SSL Works: The Power of SAN](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#how?ts=markdown) * [Core Types of Multi-Domain Certificates](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#core?ts=markdown) * [Strategic Benefits for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#staregic?ts=markdown) * [Security Risks and Lateral Movement Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#security?ts=markdown) * [Implementation and Lifecycle Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#best?ts=markdown) * [Multi-Domain SSL FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate#faqs?ts=markdown) A Multi-Domain SSL Certificate is a specialized digital certificate that allows organizations to secure multiple distinct domain names and subdomains under a single certificate. By utilizing the subject alternative name (SAN) extension, a single certificate can protect diverse environments, such as example.com, shop.example.net, and internal-portal.local, drastically reducing administrative complexity and overhead. Key Points * **Efficient Consolidation**: Protects up to 100-250 unique domains with one certificate, depending on the CA. \* **Flexible Architecture**: Supports different Top-Level Domains (TLDs) like .com, .org, and .net simultaneously. \* **Streamlined Management**: Simplifies the renewal process by consolidating multiple expiration dates into one. \* **Zero Trust Foundation** : Enhances [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) by ensuring all web properties meet high encryption standards. \* **Cost Reduction**: Lowers the total cost of ownership compared to purchasing individual certificates for each domain. ## Multi-Domain SSL Certificates Explained In a traditional setup, every unique domain requires its own SSL/TLS certificate. For a global enterprise managing hundreds of microservices, regional sites, and staging environments, this creates a "certificate sprawl" that is nearly impossible to track manually. A Multi-Domain SSL certificate, often referred to as a SAN certificate or unified communications certificate (UCC), solves this by acting as a single security umbrella. Unlike a wildcard SSL, which only secures subdomains of a single base domain (e.g., \*.example.com), a multi-domain certificate can secure completely unrelated domains. This makes it the preferred choice for organizations with diverse brand portfolios or complex [cloud security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security?ts=markdown) requirements where assets are spread across different domains. ![Side-by-side comparison table titled “Multi-Domain vs. Wildcard Comparison.” The left column shows a multi-domain certificate with orange certificate icons covering two separate domains: company.com and global-sales.net. The right column shows a wildcard certificate with orange certificate icons covering subdomains under the same base domain, represented by blog.company.com and mail.company.com. The diagram highlights that a multi-domain certificate secures different domain names, while a wildcard certificate secures multiple subdomains of one domain.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/multi-domain-ssl-certificate/multi-domain-vs-wildcard-comparison.webp "Side-by-side comparison table titled “Multi-Domain vs. Wildcard Comparison.” The left column shows a multi-domain certificate with orange certificate icons covering two separate domains: company.com and global-sales.net. The right column shows a wildcard certificate with orange certificate icons covering subdomains under the same base domain, represented by blog.company.com and mail.company.com. The diagram highlights that a multi-domain certificate secures different domain names, while a wildcard certificate secures multiple subdomains of one domain.") ***Figure 1**: Multi-Domain vs. Wildcard Certificate Comparison* ## How Multi-Domain SSL Works: The Power of SAN The technical backbone of this certificate is the subject alternative name (SAN) field within the [X.509 certificate](https://www.paloaltonetworks.com/cyberpedia/what-is-an-x509-certificate?ts=markdown) standard. When a browser connects to a site, it checks the SAN field to see if the specific domain it is visiting is listed and authorized by the certificate. ### The SAN Configuration Process 1. **CSR Generation**: The administrator generates a certificate signing request (CSR) for the primary domain. 2. **Listing SANs**: During the application, the administrator lists all additional domains (SANs) to be included. 3. **Validation**: The certificate authority (CA) validates ownership for every domain listed in the SAN field. 4. **Deployment**: Once issued, the single certificate is installed on the server hosting those domains. | Feature | Multi-Domain (SAN) | Wildcard SSL | | **Domain Coverage** | Multiple unique domains (https://www.google.com/search?q=site-a.com, site-b.net) | Multiple subdomains (\*https://www.google.com/search?q=.site-a.com) | | **Flexibility** | High (Mix and match domains) | Low (Locked to one base domain) | | **IP Requirements** | Can secure multiple sites on one IP | Can secure multiple sites on one IP | | **Validation Level** | Domain (DV), Organization (OV), or EV | DV and OV only (EV wildcards are not permitted by CA/Browser Forum rules) | |----------------------|----------------------------------------------------------------------------------|---------------------------------------------------------------------------| ## Core Types of Multi-Domain Certificates Organizations must align their certificate type with their specific [zero trust](/content/pan/en_us/cyberpedia/what-is-zero-trust) requirements and the sensitivity of the data they protect. * **Standard Multi-Domain (DV)**: Quickest to issue; provides basic encryption and domain validation. Ideal for internal test environments. * **Organization Validated (OV)**: Requires business identity verification. This adds a layer of trust by showing the organization's name in the certificate details. * **Extended Validation (EV)**: The highest tier of identity vetting. Browsers no longer display EV distinctly from OV, so the practical benefit is documented identity verification rather than user-visible trust signals. * **Multi-Domain Wildcard**: A hybrid solution that allows you to secure multiple domains AND all their respective subdomains. ## Strategic Benefits for Modern Enterprises Consolidating your [network security](/content/pan/en_us/cyberpedia/what-is-network-segmentation) through multi-domain certificates provides more than just cost savings; it enhances operational resilience. ### 1. Operational Efficiency Managing 50 individual certificates means 50 different expiration dates. Multi-domain certificates synchronize these into a single renewal cycle, significantly reducing the risk of an accidental expiration that could lead to a site outage. ### 2. Simplified Server Configuration Server Name Indication (SNI) and multi-domain certificates are two approaches to hosting multiple sites on one IP. SNI presents different certificates per hostname. Multi-domain certificates use one certificate for many hostnames. Organizations often use both, with SNI to separate unrelated tenants and multi-domain certs to consolidate related sites. ### 3. Unified Security Standards Using a single certificate ensures that every site, from the main corporate portal to the smallest regional blog, uses the same high-strength encryption algorithms and key lengths, maintaining a consistent security posture across the entire cloud security footprint. ## Security Risks and Lateral Movement Considerations While Multi-Domain certificates simplify management, they introduce specific risks that Unit 42 researchers frequently highlight in [threat behavior](https://unit42.paloaltonetworks.com/) analysis. * **Credential Theft \& Shared Risk** : If the private key associated with a Multi-Domain certificate is compromised, every single domain listed on that certificate is now vulnerable. This "all-eggs-in-one-basket" scenario can facilitate [lateral movement](/content/pan/en_us/cyberpedia/what-is-the-principle-of-least-privilege), as an attacker gaining access to one site's traffic may find it easier to spoof or intercept traffic for another domain on the same certificate. * **Identity Exposure**: Because all SANs are publicly visible in the certificate, an attacker can use a Multi-Domain certificate to map an organization's entire infrastructure, discovering "hidden" staging or development domains that might be less secure. * **Blast Radius**: A certificate revocation due to a security breach affects all associated domains simultaneously, potentially causing a widespread service interruption. ## Implementation and Lifecycle Best Practices To maximize the benefits of Multi-Domain SSL while mitigating risks, organizations should follow these industry-standard practices: 1. **Apply Least Privilege**: Do not group highly sensitive production domains with low-security development domains on the same certificate. Use separate certificates to limit the impact of a compromise. 2. **Automate Renewals**: Use certificate lifecycle management (CLM) tooling or ACME-based automation to monitor certificate health and handle renewal before expiration. 3. **Strict Private Key Storage**: Store private keys in Hardware Security Modules (HSMs) or secure key vaults to prevent unauthorized access. 4. **Use Modern Protocols**: Ensure your certificates support TLS 1.3 to leverage the latest performance and security enhancements. 5. **Regular Audits**: Periodically review the SAN list to remove domains that are no longer in use, reducing your public-facing attack surface. ## Multi-Domain SSL FAQs ### Can I add more domains to a Multi-Domain certificate after it is issued? Yes, but it requires "re-issuing" the certificate. You add the new SANs, and the CA must validate the new domains before providing an updated certificate file for you to install. ### Are SAN and Multi-Domain certificates the same thing? Yes. "Multi-Domain" is the marketing term, while "SAN certificate" refers to the technical extension (Subject Alternative Name) that makes the multi-domain capability possible. ### How many domains can a single Multi-Domain certificate secure? Most Certificate Authorities allow between 100 and 250 domains per certificate, though the initial price usually covers the first 3 to 5 domains. ### Does a Multi-Domain certificate work on mobile devices? Yes, SAN certificates are compatible with all modern mobile browsers and operating systems, as they follow the standard X.509 certificate format. ### Why would I choose a Wildcard over a Multi-Domain certificate? Choose a Wildcard if you have an infinite or rapidly changing number of subdomains under one specific domain. Choose Multi-Domain if you need to secure different domain names. Related Content [Explore Certificate Management See how certificate management reduces risk across domains and services.](https://www.paloaltonetworks.com/cyberpedia/what-is-certificate-management?ts=markdown) [Manage Multi-Domain Certificate Trust See how IDIRA helps govern certificates and machine identities across domains.](https://www.paloaltonetworks.com/idira/machine?ts=markdown) [Explore Secrets Management Review how IDIRA helps protect private keys, secrets, and credential material.](https://www.paloaltonetworks.com/idira/secrets-management?ts=markdown) [Request a Machine Identity Demo Get a guided look at reducing certificate and machine identity risk with IDIRA.](https://www.paloaltonetworks.com/idira/request-demo?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20Multi-Domain%20SSL%20Certificate%3F%20SAN%20%26%20UC%20Explained&body=Secure%20multiple%20domains%20and%20subdomains%20with%20one%20certificate.%20Learn%20how%20Multi-Domain%20SSL%20%28SAN%29%20works%2C%20its%20benefits%20for%20Zero%20Trust%2C%20and%20best%20practices.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-multi-domain-ssl-certificate) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) What Is a Non-Human Identity (NHI)? Machine Identity Security Explained [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-self-signed-certificate?ts=markdown) What Is a Self-Signed Certificate? Risks, Uses \& Best Practices {#footer} Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown) * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown) * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown) * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown) * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown) * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown) * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown) * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown) * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown) * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown) * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![Palo Alto Networks Logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language