What is Wildcard Domain SSL and How Does a Wildcard Domain Certificate Work?

A wildcard SSL certificate, or a wildcard domain SSL certificate as some people call it, is a special variant of SSL certificate that’s specifically designed to secure subdomains. A wildcard character in programming represents a variable that can be anything within a certain range. SSL/TLS is no different. The asterisk stands in at the subdomain level you’re trying to secure.

Have we lost you? Let’s start by talking about what happens when you get a wildcard domain SSL certificate, or what’s most commonly known as a wildcard SSL certificate.

Covering the Basics: How Wildcard Domain SSL Works

If that doesn’t make much sense, let’s zoom out a bit. When you get a wildcard SSL certificate, you start by generating a certificate signing request (CSR) with all of the information that’s going to be contained in it. When you’re generating said CSR, you list your domain in the fully-qualified domain name (FQDN) field, and then in the subject alternative name (SAN) field, you place an asterisk at the subdomain level you want to encrypt.

For instance, listing *.domain.com, would cover:

  • domain.com
  • domain.com
  • domain.com
  • domain.com

It also would cover any other subdomain at that level of the URL. An unlimited number, in fact. It can even be installed on subdomains that hadn’t been created at the time the certificate was issued!

What Else Do I Need to Know About Wildcard Domain SSL?

There are a couple things you should know about wildcard SSL certificates, though. For starters, they only secure subdomains on one level of the URL. Things get more complicated as you get to the second and third levels of the URL. If you want to secure multiple levels, you’ll either need to use multiple wildcards or a multi domain wildcard certificate, which can also function as a multi-level wildcard.

The other issue is key exposure. When you use the same key across lots of different endpoints, it increases the risk of the key getting cracked. Rather than just a single point to try and crack the key, the attacker can spread their attempts out across numerous subdomains, which can increase the number of attempts and the success rate.

The defense for this is regular key rotation and key exchange ciphers that provide perfect forward secrecy. This will help ensure all of the communication with your site stays confidential.

Need to buy a wildcard? We’ve got them at the internet’s lowest prices:

Purchase Wildcard SSL Certificates & Save Up to 80%

We offer the best discount on all types of Wildcard SSL Certificates from brands like Comodo, RapidSSL, Sectigo, and Symantec. Get a Comodo PositiveSSL Wildcard for as little as $54.95 per year!

Shop Wildcard SSL Certificates and Save Up to 80%

What an SSL Common Name Wildcard Error Is and How to Fix It

Having wildcard(*) SSL certificate in common name (CN) issues? Here’s what you can do about it

Are you having issues with your wildcard SSL certificate, or have you seen a message akin to “WILDCARD(*) SSL CERTIFICATE IN COMMON NAME (CN)?” The second half of this question is actually a fairly misleading one because it’s a hyper-specific error that is really just a variant of a more common wildcard SSL error. So, if you have a wildcard SSL certificate installed on your server and you’re running into this issue, keep reading.

Read More

Why Is My Wildcard SSL Not Working on a Second Level Subdomain?

An In-Depth Look at Why a Wildcard SSL Certificate Causes a Domain Mismatch Error on a Second Level Subdomain

We know, you’re here because your wildcard SSL is not working on a second level subdomain for some reason. To help you understand why, we first need to tell you a bit about wildcard SSL certificates and what they do and don’t secure. The digital certificate industry is, at times, needlessly opaque about what its products actually do. The wildcard is one of the biggest offenders. It’s often marketed as securing “unlimited subdomains.” And that’s partially true — with one important caveat:

Read More

How to Install a Wildcard SSL Certificate on IIS 7 and IIS 8

Your guide on how to effectively install a wildcard SSL certificate on your Microsoft server

Needing to know how to install a wildcard SSL certificate on IIS but aren’t sure where to start? No worries. We’ve got you covered. Heck, we’ve even included some screenshots of the steps to help you along the way. We’re no strangers to this process — we’ve even written other resources such as how to install wildcard SSL certificates on multiple servers.

Read More