SSL certificate SAN entries when using a load balancer with OneClick

Article ID: 384275


Products

Network Observability

Issue/Introduction

What is used for the SAN entry when making an SSL certificate request if a load balancer is used with multiple OneClicks?

Do we use the OneClick or the load balancer, and can we put multiple OneClicks in the same cert and use the same cert on all of them?

Resolution

  • The DNS names or IPs of both the load balancer and the OneClick(s) must be used when using a load balancer.
  • Each entry should be prefixed with dns: or ip:
  • Entries should be comma separated.
  • You can put multiple OneClicks in the same cert and share it across those OneClicks if it meets your security requirements.

-ext san=dns:xxx.acme.corp,dns:acme.corp,ip:10.10.10.10

 

Additional Information

SAN certificates can include up to 500 names under one certificate. This consists of the primary Common Name (CN) and Subject Alternative Names.

Supported name types include fully qualified domain names (FQDNs) like www.domain.com and mail.domain.com.

Wildcard names are also supported, such as *.domain.com. However, multi-level wildcards like *.sub.domain.com are not allowed. For example, *.example.com would match test.example.com but not test.sub.example.com. The wildcard applies only to one subdomain level.
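The following is an added example, not part of the original article or the product: it builds the `-ext san=` value in the format described under Resolution and checks which required names a SAN list actually covers, applying the one-level wildcard rule above. The function names and the example.com host names are hypothetical and constructed for illustration.

```python
import ipaddress

def build_san_ext(hosts):
    """Build a 'san=dns:...,ip:...' value from host names and IP addresses."""
    entries = []
    for host in hosts:
        host = host.strip()
        try:
            entry = "ip:" + str(ipaddress.ip_address(host))
        except ValueError:           # not an IP literal, treat as a DNS name
            entry = "dns:" + host.lower()
        if entry not in entries:     # drop duplicates, keep order
            entries.append(entry)
    return "san=" + ",".join(entries)

def parse_san_ext(ext):
    """Split 'san=dns:a,ip:b' into [('dns', 'a'), ('ip', 'b')]."""
    body = ext.split("=", 1)[1]
    return [tuple(item.split(":", 1)) for item in body.split(",")]

def san_covers(ext, name):
    """True if name matches an entry; '*' stands for exactly one label."""
    name = name.lower()
    for kind, value in parse_san_ext(ext):
        if kind == "ip":
            try:
                if ipaddress.ip_address(name) == ipaddress.ip_address(value):
                    return True
            except ValueError:       # name is not an IP, cannot match
                pass
        elif value.startswith("*."):
            head, _, parent = name.partition(".")
            if head and parent == value[2:]:
                return True
        elif value == name:
            return True
    return False

def missing_names(ext, required):
    """Names clients will connect to that the SAN list does not cover."""
    return [n for n in required if not san_covers(ext, n)]

if __name__ == "__main__":
    # Constructed sample: one load balancer, two OneClick hosts, one IP.
    hosts = ["lb.example.com", "oneclick1.example.com",
             "oneclick2.example.com", "10.10.10.10"]
    ext = build_san_ext(hosts)
    print("-ext", ext)
    print("missing:", missing_names(ext, hosts + ["oneclick3.example.com"]))
```

Running the check against every name clients use (the load balancer and each OneClick) before submitting the request catches a host that would otherwise fail hostname verification after the certificate is installed.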

The certificate can be used concurrently on as many servers as needed. There are no technical limitations on reuse.

The names on a SAN certificate can also be changed through re-issuance. No need to wait for expiration!

A SAN certificate’s public/private key pair secures all included names. However, the certificate can consist of diverse IPs and be installed with multiple private keys across your servers.