WildCard SSL Certificate
A WildCard SSL certificate, often referred to as a star certificate, is a certificate with a wildcard character (*) in the domain name field. It enables HTTPS communication for a domain and an unlimited number of subdomains. Let’s explore WildCard certificates.
Article Contents
- What is a WildCard Certificate?
- Features of WildCard Certificates
- Validation of WildCard Certificates
- Disadvantages of WildCard Certificates
- Alternative to WildCard
What is a WildCard Certificate?
A WildCard SSL certificate, a.k.a. star certificate, enables HTTPS communication for a domain and an unlimited number of subdomains. Yes, an unlimited or arbitrary number of subdomains without needing to define their names. This is the biggest advantage of the WildCard SSL Certificate, which makes these certificates very popular not only among businesses but also for various projects where multiple subdomains need to be secured.
The ability to secure an unlimited number of subdomains is achieved by placing an asterisk (*), or star, in the certificate before the domain name. The asterisk (*) acts in the certificate as a “wild card,” and browsers accept any valid characters in place of the asterisk before the domain (Wildcard certificate – wiki). The basic price of a WildCard SSL certificate is higher than for individual domains. However, the costs break even at a certain number of subdomains, and once easier management is taken into account, a WildCard SSL certificate pays off even if you need to secure only several subdomains.
Features of WildCard Certificates
A single SSL certificate issued for a primary domain (*.domain.com) can secure an unlimited number of subdomains, such as:
- www.domain.com
- one.domain.com
- two.domain.com
- admin.domain.com
- wiki.domain.com
- test.domain.com
- test2.domain.com
- etc.
The CSR (certificate signing request) for a WildCard certificate is generated in the same way as the CSR for a standard SSL certificate. Instead of the plain domain name, the domain with an asterisk, e.g., *.domain.com, is entered into the Common Name (CN) field.
WildCard certificates are also issued to secure a standalone second-level domain. This means that the domain name domain.com is also secured without the need for "www" before the domain. If someone uses the main website at https://domain.com, they can ensure secure communication with this certificate.
It is important to note that a separate certificate must be purchased for each higher domain level. For instance, to secure fourth-level subdomains like admin.subdomain.domain.com, a separate WildCard SSL certificate for *.subdomain.domain.com must be obtained. That certificate then enables HTTPS security for an unlimited number of subdomains at that level.
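The coverage rules above can be checked mechanically. The following Python sketch is an added example, not code from SSLmentor or any certification authority: it applies the one-label wildcard rule and lists which WildCard names a host list would require. It assumes the bare domain is carried as a second name in the certificate, and all hostnames are constructed sample data.

```python
# Added example: the asterisk stands for exactly one left-most label.
# Certificate names and hostnames below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly '*.domain') covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if p_labels[0] != "*":
        return p_labels == h_labels  # plain name: must match exactly
    # Wildcard: same number of labels, and the replaced label must not be empty.
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def covered_by(cert_names, hostname):
    """Return the first certificate name that covers hostname, or None."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None


def wildcards_needed(hostnames, base):
    """WildCard names required to cover every subdomain of base in hostnames."""
    needed = set()
    for host in hostnames:
        host = host.lower().rstrip(".")
        if host.endswith("." + base):
            # One wildcard per parent: replace the left-most label with '*'.
            needed.add("*." + host.split(".", 1)[1])
    return sorted(needed)


# Assumption: the certificate carries the bare domain as a second name.
WILDCARD_CERT = ["*.domain.com", "domain.com"]
HOSTS = ["www.domain.com", "Admin.Domain.com", "domain.com",
         "admin.subdomain.domain.com", "notdomain.com"]

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:30} covered by: {covered_by(WILDCARD_CERT, host)}")
    print("WildCard names needed:", wildcards_needed(HOSTS, "domain.com"))
```

Running it shows that admin.subdomain.domain.com is not covered by *.domain.com and that the host list needs a second WildCard name for the deeper level.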
Validation of WildCard Certificates
The validation process for WildCard SSL certificates is the same as for single-domain certificates. However, only email or DNS validation is available. Validation emails are sent to one of the following addresses: admin@, administrator@, webmaster@, hostmaster@, or postmaster@. For DNS validation, a token is generated and placed in the domain’s TXT record in DNS. FTP validation is not possible.
WildCard SSL certificates are available in two variants – domain-validated and organization-validated. Domain-validated WildCard SSL certificates can be obtained and deployed on servers within minutes. Organization-validated WildCard SSL certificates offer a higher level of verification and security, making them suitable for larger businesses and organizations that need to protect their main domains and subdomains with higher trust.
Disadvantages of WildCard Certificates
Disadvantages include the cost of the certificates, which is significantly higher than that of SSL certificates for securing a single domain. They only become cost-effective when securing multiple subdomains.
Another drawback can arise when the certificate needs to be revoked due to private key compromise. If the certificate is used on multiple servers, it must be replaced everywhere. It is not advisable to use a single WildCard certificate to secure the main domain’s web server, MS Exchange, subdomains, and internal servers when multiple administrators or providers have access.
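To see how far a single key compromise would reach, an inventory can be grouped by public key. The Python sketch below is an added example, not part of the original article: the inventory records, the `spki-…` fingerprint placeholders and the operator names are all constructed, and in practice the fingerprints would come from your own certificate inventory or scans.

```python
from collections import defaultdict

# Constructed inventory: (endpoint, certificate names, public-key fingerprint, operator).
# Fingerprints are labelled placeholders, not real values.
INVENTORY = [
    ("www.domain.com:443",  ["*.domain.com", "domain.com"], "spki-aaaa", "web team"),
    ("mail.domain.com:443", ["*.domain.com", "domain.com"], "spki-aaaa", "Exchange admins"),
    ("wiki.domain.com:443", ["*.domain.com", "domain.com"], "spki-aaaa", "external provider"),
    ("shop.domain.com:443", ["shop.domain.com"],            "spki-bbbb", "web team"),
    ("test.domain.com:443", ["*.domain.com", "domain.com"], "spki-cccc", "web team"),
]


def wildcard_key_exposure(inventory):
    """Group endpoints by public key for certificates that carry a wildcard name."""
    groups = defaultdict(lambda: {"endpoints": [], "operators": set()})
    for endpoint, names, spki, operator in inventory:
        if any(name.startswith("*.") for name in names):
            groups[spki]["endpoints"].append(endpoint)
            groups[spki]["operators"].add(operator)
    return dict(groups)


def shared_keys(inventory):
    """Keys whose revocation forces replacement on more than one endpoint, widest first."""
    exposure = wildcard_key_exposure(inventory)
    shared = [(spki, g) for spki, g in exposure.items() if len(g["endpoints"]) > 1]
    return sorted(shared, key=lambda item: len(item[1]["endpoints"]), reverse=True)


if __name__ == "__main__":
    for spki, group in shared_keys(INVENTORY):
        print(f"{spki}: replace on {len(group['endpoints'])} endpoints, "
              f"private key held by {len(group['operators'])} operators")
        for endpoint in group["endpoints"]:
            print("   ", endpoint)
```

Issuing the WildCard certificate with a separate key pair per server or operator, as test.domain.com does in the sample data, keeps each group to a single endpoint.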
Extended Validation (EV) WildCard SSL certificates cannot be obtained. No certification authority issues such certificates.
Alternative to WildCard
Multiple domains can also be secured using multi-domain SSL certificates. The key difference is that multi-domain certificates secure up to 250 domains at once and require precisely listed domain names at the time of purchase. While it is possible to add domains to the certificate during its validity, the process requires revalidation.
The advantage of multi-domain certificates is the ability to secure any domain names. For example, a single certificate can include domains under different top-level domains such as COM, EU, CZ, SK, DE, and more. Before deciding which certificate to choose, it is important to consider not only the certificate cost but also all requirements for securing specific domains.
The latest types of multi-domain SSL certificates, known as FLEX, offer the ability to combine standard domain names with Wildcard (*) names. Thanks to this, a large number of domains can be effectively secured with a single certificate, which is an ideal solution for administrators and larger companies.
WildCard SSL Certificates on the SSLmentor project
On our website, you will find high-quality and trusted WildCard SSL certificates from selected certification authorities.