If you’ve done some SSL certificate research, you will have noticed that SSL providers only allow one domain to use one SSL certificate. This means that buying an SSL certificate for example dot com will not give you SSL security for http://www.example dot com or secure.example dot com. This may be okay if you have a small website, but it won’t do for bigger commercial websites. One SSL certificate will not work if you own a big website offering several services, like shop.buyshop dot com, mail.buyshop dot com, secure.buyshop dot com, etc.

You might think that the problem can be easily solved by buying additional SSL certificates, but that will cost you several hundred dollars even for just a few additional SSL certificates. Fortunately, there is a cost-effective and manageable solution to this problem – wildcard certificates. With a wildcard certificate you can use the same SSL certificate on all your subdomains.

Wildcards?

The best way to introduce wildcard certificates is to first clarify what “wildcard” means. “Wildcard” is a computing term for a symbol that is meant to be substituted by another character or string. That symbol is usually an asterisk (*). Very simply, an asterisk symbol could mean any other word. For example, to represent all subdomains of example dot com like shop.example dot com, mail.example dot com, secure.example dot com, and buy.example dot com, we simply write *.example dot com.

The “Common Name” field in an SSL certificate indicates the domain in which the certificate will be used. If you think that wildcard certificates use wildcards in the “Common Name” field, you’re right. You might find Common Names like *.example dot com. If you apply for a wildcard certificate sometime in the future, you will be asked to supply a Common Name, which is why it’s important that you remember how to write wildcard domain names.
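The sketch below is an added example, not code from the original article. It applies the left-most-label wildcard rule that browsers use (RFC 6125, section 6.4.3) to a constructed host list, and goes slightly beyond the text by showing two cases a *.example.com certificate does not cover: the bare domain and names more than one level deep. The function names and host inventory are illustrative assumptions.

```python
# Added example (not from the original article): left-most-label wildcard
# matching as TLS clients apply it (RFC 6125 section 6.4.3).

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # "*" never spans a dot, so both names must have the same number of labels.
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Require at least two labels after "*" so a pattern like "*.com" is rejected.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "sh*p.example.com" are not honoured here.
    return "*" not in pattern and p == h


def uncovered(cert_names, hostnames):
    """List the hostnames that none of the certificate names covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample inventory, modelled on the article's subdomains.
HOSTS = [
    "shop.example.com",
    "mail.example.com",
    "secure.example.com",
    "example.com",            # bare domain, no subdomain label
    "api.shop.example.com",   # two levels below example.com
]

if __name__ == "__main__":
    for names in (["example.com"],
                  ["*.example.com"],
                  ["*.example.com", "example.com"]):
        print(names, "-> not covered:", uncovered(names, HOSTS))
```

Running it against your own host inventory before ordering shows whether one wildcard name is enough or whether extra names are needed on the certificate.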

Reasons Why Wildcard Certificates are Popular

The most obvious benefit of using wildcard certificates is cutting costs. Typical SSL certificates at $150 each may be fine for people who need SSL on only a few subdomains, but what about five subdomains? That’s $750! On the other hand, $600 is the average price for wildcard certificates. You can just imagine how much you’re saving if you use more than five subdomains with SSL. It’s not uncommon for big companies to need up to 30 subdomains on SSL security.

Wildcard certificates are good for another reason, and that’s manageability. It’s not easy to purchase, set up, and then annually renew a number of SSL certificates. It’s an especially daunting task for the person managing the SSL certificates, and errors may easily abound. All the time and effort that you put into fixing errors will cost you money. All that can’t compare to thinking about just a single wildcard certificate. It’s a whole lot easier to manage a single certificate. It also reduces the chances of errors.

The Bad Things about Wildcard Certificates

Wildcard certificates aren’t perfect, though. There are some drawbacks. Security is the first that comes to mind. By using one wildcard certificate, all servers hosting all subdomains share the same private decryption key. This means that if someone manages to compromise one of your servers and retrieve the decryption key, every subdomain on every server that uses the same certificate is also compromised.

Let’s say the wildcard certificate is revoked. All subdomains that use the same certificate won’t be able to properly function. Then you’re basically shutting down your website until you either get the wildcard certificate working again, or you get certificates for every subdomain that needs SSL.

Finally, you should know that you cannot get wildcard certificates with Extended Verification (EV). You might be wondering what EV is. It’s a set of very strict guidelines that certificate providers use when giving out certificates. EV is meant to increase public confidence in SSL. EV guidelines do not allow wildcards in the certificate’s Common Name. The green address bar feature only works in EV certificates, so you don’t get that feature with wildcard certificates.
