Regular SSL certificates are only allowed for a single domain or subdomain. What does this mean? The SSL certificate you bought for example dot com cannot be used for secure.example dot com or mail.example dot com. People operating small websites may be fine with this setup, but what if you have a really big website that uses lots of subdomains? A big website such as this one comes to mind: secure.example dot com, shop.example dot com, mail.example dot com and buy.example dot com.
You may buy SSL certificates for every additional subdomain on your website, but that will be a nightmare both with cost and management. Just imagine paying for and managing four or more SSL certificates! Wildcard certificates are the answer. They allow you to use just one SSL certificate on an unlimited number of subdomains.
So What Exactly is a Wildcard?
The best way to introduce wildcard certificates is to first clarify what “wildcard” means. A wildcard is usually represented by an asterisk (*). In computer terms, it’s a symbol that stands for substitution by any other string or character. In other words, an asterisk stands for any other word. For example, we can represent all subdomains of bigbusiness dot com like shop.bigbusiness dot com, mail.bigbusiness dot com, news.bigbusiness dot com simply as *.bigbusiness dot com.
The domain name that will use the SSL certificate is indicated in the certificate’s “Common Name” field. Now, if you look at a wildcard Certificate, you’ll notice the use of a wildcard. For example, *.bigbusiness dot com Remember this because, you will be required to enter the Common Name if you choose to go for a wildcard certificate.
Reasons Why Wildcard Certificates are Popular
The most obvious benefit to using wildcard certificates is to cut costs. If you only use a few subdomains, you may be fine with typical SSL certificates that cost about $150 each. But once you need five subdomains, you will need to come up with $750. Let’s say you own a big website with ten subdomains. You will be forced to spend $1,500 on SSL certificates. Wildcard certificates only cost $600 each. With wildcard certificates, you save $900. Believe it or not, most big companies will need SSL security on up to 30 subdomains.
Manageability is another feature that people like in wildcard certificates. Purchasing, setting up, and renewing a dozen SSL certificates will be a complex task. It’s an especially daunting task to the person managing the SSL certificates and errors may easily abound. You lose a lot of time and money while putting effort into fixing SSL certificate errors. All that can’t comapare to thinking about just a single wildcard certificate. Having to manage one certificate is infinitely easier. It’s easier to minimize errors.
Wildcard Certificate Drawbacks
Wildcard certificates aren’t perfect, though. There are some drawbacks. Security is the first that comes to mind. Several subdomains are usually hosted by multiple servers, and sharing one wildcard certificate, only one private decryption key is used. If a hacker manages to get access to the decrypiton key, the hacker also gets the ability to crack all encryptions made by each other server
All subdomains will cease to work if the wildcard certificate is revoked for any reason. Then you’re basically shutting down your website until you either get the wildcard certificate working again, or you get certificates for every subdomain that needs SSL.
Extended Verification (EV) does not work with wildcard certificates. EV was basically invented to increase public confidence in SSL by enforcing more stringent guidelines to approving SSL applications. EV guidelines do not allow wildcards in the certificate’s Common Name. Also note that you won’t get the green address bar feature with wildcard certificates, since it only works with EV certificates.
Wildcard SSL Certificates: If You Need SSL on Mult 