Wildcard Certificates: If You Need SSL on Multiple Subdomains

It seems that lots of people have been looking for answers just like you, and the solution - wildcard certificates. You can get the same SSL certificate to work on an unlimited number of subdomains.

Wildcards?

You might be curious what "wildcard" means in "wildcard certificate". In computer terminology, a wildcard is basically a sybol, usually an asterisk (*), what stands to be replaced by another character or string. Put differently, an asterisk symbolrefers to any word. In our case, *.example dot com is used to represent all subdomains of example dot com: mail.example dot com, user.example dot com, news.example dot com, shop.example dot com etc.

The domain name that will use the SSL certificate is indicated in the certificate's "Common Name" field. Now, if you look at a wildcard Certificate, you'll notice the use of a wildcard. For example, *.bigbusiness dot com If you apply for a wildcard certificate sometime in the future, you will be asked to supply a Common Name, that's why it's important that you remember how to write wildcard domain names.

Reasons Why Wildcard Certificates are Popular

If you want to save money on several subdomains, wildcard certificates are for you. Typical SSL certificates at $150 each may be fine for people who need SSL on only a few subdomains, but what about five subdomains? That's $750! Think about how much money you can save if, let's say, you own a website with 10 subdomains needing SSL security. That's already $1,500. Comparing that to wildcard certificates that only cost $600 each, you save $900. The websites of big companies will sometimes need SSL on over 30 subdomains.

Manageability is another feature that people like in wildcard certificates. Handling a number of SSL certificates is a daunting task. Just imagine purchasing, setting up, and then annually renewing several SSL certificates, all at once! Errors can easily happen when one person manages several SSL certificates all at once. It's a very difficult task. All the time and effort that you put into fixing errors will cost you money. Compare that to having to worry about just one wildcard certificate. Having to manage one certificate is infinitely easier. Errors, in this case, become rare.

How about Drawbacks? Are there Any?

Wildcard certificates aren't perfect, though. There are some drawbacks. The first among them is security. By using one wildcard certificate, all servers hosting all subdomains share the same private decryption key. A hacker gains the ability to decrypt all encrypted messages that go to and from all servers if he manages to compromise just one of them and obtains the decryption key.

What if the wildcard certificate gets revoked? All subdomains that use the certificate will cease to function properly. You will be forced to put your website on down time until you get the wildcard certificate working again, or you get new SSL certificates for every single subdomain that needs SSL security.

Extended Verification (EV) does not work with wildcard certificates. Certificate providers must follow the rules that EV sets forth when they approve applications. EV was invented to increase public confidence in SSL. Wildcards in the Common Name are not allowed by EV guidelines. Also note that you won't get the green address bar feature with wildcard certificates, since it only works with EV certificates.