How to Install a Wildcard SSL Certificate on Multiple Servers

Are you managing multiple subdomains spread across different servers? Manually installing separate SSL certificates for each one can be a headache.

Luckily, a Wildcard SSL certificate simplifies this by allowing you to secure all subdomains under a single certificate—across multiple servers! In this guide, we’ll walk you through the easiest way to install a Wildcard SSL certificate on multiple servers, ensuring all your subdomains stay encrypted and trusted by browsers.

What is a Wildcard SSL Certificate? (And Why You Need One!)

A Wildcard SSL certificate lets you secure your main domain and all its subdomains with just one certificate. For example, a Wildcard SSL for *.yourdomain.tld covers:

• www.yourdomain.tld
• shop.yourdomain.tld
• blog.yourdomain.tld
• support.yourdomain.tld

Instead of purchasing and managing multiple SSLs, you install it once and apply it everywhere—saving time, money, and effort!

Step 1: Generate a CSR (Easy & Free Online Tool Available!)

Before getting your Wildcard SSL, you need a CSR (Certificate Signing Request). This is like a digital fingerprint for your SSL.

Good news! You don’t need any tech skills for this—we offer a Free Online CSR Generator to create it in seconds. Just enter your domain name (*.yourdomain.tld), and it will generate the CSR and Private Key for you. If you prefer manual generation, here’s how:

For Linux (Apache, Nginx) Users:

For Windows (IIS) Users:

1. Open IIS Manager → Server Certificates → Create Certificate Request
2. Enter *.yourdomain.tld as the Common Name
3. Save the CSR and keep the Private Key safe!

Step 2: Order & Validate Your Wildcard SSL

Once you have your CSR, order a Wildcard SSL certificate from a trusted provider.

The Certificate Authority (CA) will ask you to verify domain ownership using one of these options:

• Email Validation – Click a confirmation link sent to an admin email ([email protected])
• DNS Validation – Add a TXT record or CNAME record in your domain’s DNS settings
• HTTP Validation – Upload a small file to your website

Once verified, your Wildcard SSL is ready to use!

Step 3: Install the Wildcard SSL Certificate on Your First Server

Now, let’s install your new certificate on the first server.

For Apache/Nginx (Linux) Users:

1. Upload the SSL files (yourdomain.crt, yourdomain.key, ca_bundle.crt) to your server
2. Edit your SSL configuration file
   LoadModule ssl_module modules/mod_ssl.so
   ( /etc/httpd/conf.d/ssl.conf or /etc/nginx/nginx.conf ):
   <VirtualHost *:443>
   ServerName yourdomain.com
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/yourdomain.crt
   SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
   SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
   </VirtualHost>
3. Restart Apache/Nginx to apply changes:
   systemctl restart apache2 # For Apache
   systemctl restart nginx # For Nginx

For Windows (IIS) Users:

1. Open IIS Manager → Server Certificates → Complete Certificate Request
2. Browse and upload your SSL Certificate (.crt)
3. Bind the certificate to your website in Site Bindings → HTTPS
4. Restart IIS: iisreset

Your first server is now secured!

Step 4: Export the SSL for Multi-Server Use

Since you need to install the same Wildcard SSL certificate on multiple servers, you must export it along with the private key.

• If You Used Our Online CSR Generator
  Good news! If you generated the CSR using our Online CSR Generator, you don’t need to export anything manually—simply use the same certificate files (wildcard .crt, private .key, and CA bundle .crt) on all your servers.
• For Linux Users (Apache, Nginx) – Manual Export
  If you manually generated the CSR on your first server, you need to create a .pfx file to transfer the SSL:
  openssl pkcs12 -export -out wildcard.pfx -inkey yourdomain.key -in yourdomain.crt -certfile ca_bundle.crt

  This .pfx file contains the SSL certificate, private key, and CA bundle, making it easier to install on multiple servers.

• For Windows (IIS) Users – Manual Export
  1. Open MMC (Microsoft Management Console)
  2. Go to Certificates → Personal → Export
  3. Choose Yes, export the private key and save it as a .pfx file with a password

Once exported, you can use this .pfx file to install the SSL on your additional servers.
Hooray! All your servers are now secured with the same Wildcard SSL!

Step 6: Verify & Maintain Your SSL

After installation, always double-check your SSL:

• Use an SSL Checker: SSL – Checker will help you here:
  https://www.sslshopper.com/ssl-checker.html#hostname=
• Check in Browser: Visit your subdomains (https://sub.yourdomain.tld) and look for “Connection is secure” in the browser’s security settings
• Test via Command Line:
  openssl s_client -connect yourdomain.tld:443 -servername yourdomain.tld

Using a Wildcard SSL certificate saves you time and effort by securing all your subdomains on multiple servers with just one certificate. Follow this guide to set it up smoothly and keep your website safe!