What is Wildcard Domain SSL and How Does a Wildcard Domain Certificate Work?


A wildcard SSL certificate, or a wildcard domain SSL certificate as some people call it, is a special variant of SSL certificate that’s specifically designed to secure subdomains. A wildcard character in programming represents a variable that can be anything within a certain range. SSL/TLS is no different. The asterisk stands in at the subdomain level you’re trying to secure.

Have we lost you? Let’s start by talking about what happens when you get a wildcard domain SSL certificate, or what’s most commonly known as a wildcard SSL certificate.

Covering the Basics: How Wildcard Domain SSL Works

If that doesn’t make much sense, let’s zoom out a bit. When you get a wildcard SSL certificate, you start by generating a certificate signing request (CSR) with all of the information that’s going to be contained in it. When you’re generating said CSR, you list your domain in the fully-qualified domain name (FQDN) field, and then in the subject alternative name (SAN) field, you place an asterisk at the subdomain level you want to encrypt.

For instance, listing *.domain.com would cover:

  • domain.com
  • domain.com
  • domain.com
  • domain.com

It also would cover any other subdomain at that level of the URL. An unlimited number, in fact. It can even be installed on subdomains that hadn’t been created at the time the certificate was issued!

What Else Do I Need to Know About Wildcard Domain SSL?

There are a couple of things you should know about wildcard SSL certificates, though. For starters, they only secure subdomains on one level of the URL. Things get more complicated as you get to the second and third levels of the URL. If you want to secure multiple levels, you’ll either need to use multiple wildcards or a multi-domain wildcard certificate, which can also function as a multi-level wildcard.
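The one-level rule, shown as an added example (not code from this page or from any certificate vendor): a small Python matcher that follows the common TLS client behaviour in which the asterisk stands for exactly one left-most label. The SAN list, the hostnames and the function names are constructed for illustration.

```python
# Added example: single-label wildcard matching as TLS clients commonly
# apply it. The SAN list and hostnames below are constructed samples.

def _labels(name):
    # Normalise case and a trailing root dot, then split into DNS labels.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # The wildcard never spans a dot, so label counts must be equal.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Only the left-most label may be a wildcard; it needs at least
        # two literal labels to its right and a non-empty label to match.
        if len(p) < 3 or "*" in "".join(p[1:]) or not h[0]:
            return False
        return p[1:] == h[1:]
    # No whole-label wildcard: compare the names literally.
    return p == h

def covered_by(sans, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in sans:
        if san_matches(entry, hostname):
            return entry
    return None

# Constructed SAN list: base domain plus a wildcard one level below it.
SANS = ["domain.com", "*.domain.com"]

if __name__ == "__main__":
    for host in ["domain.com", "www.domain.com", "mail.domain.com",
                 "a.b.domain.com", "wwwdomain.com"]:
        print(f"{host:18} -> {covered_by(SANS, host)}")
```

The wildcard entry on its own does not cover the bare domain, and a second-level name such as a.b.domain.com matches neither entry.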

The other issue is key exposure. When you use the same key across lots of different endpoints, it increases the risk of the key getting cracked. Instead of having just a single point at which to try to crack the key, the attacker can spread their attempts out across numerous subdomains, which can increase the number of attempts and the success rate.

The defense for this is regular key rotation and key exchange ciphers that provide perfect forward secrecy. This will help ensure all of the communication with your site stays confidential.
