Is it possible to secure multiple domains with a single certificate using wildcard domains and a SAN?
For example, one SAN certificate that secures both *.domain1.com and *.domain2.com?
Everything I have read so far seems to indicate that you can have either a wildcard certificate (*.domain1.com) OR a SAN certificate (host1.domain1.com, host2.domain2.com), but not a combination. Is this correct?
I assume you use want to use the certificate for HTTP. In this case you need to look at RFC 2818. This RFC clearly defines that common name should only be used if no subject alternative names are configured, but it allows wildcards certificates in the SAN extension. So it should be possible to combine several non-wildcard and wildcard certificates inside the SAN part of the certificate.
It looks like various CAs have different policies about creating certificates mixing wildcard and non-wildcard: While Thawte argues that mixing is not possible (https://community.thawte.com/blog-posts/difference-between-wildcard-ssl-vs-san-certificate) DigiCert propagates it as the best of both worlds (http://www.digicert.com/ssl-support/wildcard-san-names.htm). So it seems to be more a limitation of the CAs and not of the browsers and definitely not of the standard.