Hosting multiple subdomains for your website can help your business but can also be a daunting task to manage. Securing those subdomains with multiple SSL/TLS certificates only adds to the complexity, but luckily there is a simple solution available: a wildcard certificate.
The word ‘wildcard’ often refers to a symbol or letter that can be interpreted as any string of characters or an empty space. In the case of wildcard certificates, the character is an asterisk (
*) placed before your domain name.
A wildcard certificate from SSL.com can save you time and money compared to managing individual certificates for your subdomains. Let’s take a closer look at what exactly a wildcard certificate is and when it might be the right fit for your needs.
In computing, a “wildcard character” is a placeholder character (often an asterisk) that stands in for other characters. A “wildcard certificate” is an SSL/TLS certificate which includes a wildcard character to allow it to be used to protect a number of subdomains of a domain.
Because it casts a larger net than a traditional single-domain certificate, it reduces the work for the certificate owner to cover the number of subdomains associated with their domain. They allow much greater flexibility in adding new subdomains to existing sites than alternative options.
Wildcard certificates also tend to be cheaper than if you had purchased a separate certificate for each subdomain.
With a wildcard certificate from SSL.com, you can set up as many subdomains of your domain name as you want, and they’ll all be secured by a single SSL certificate. For example, a wildcard certificate issued for
*.ssl.com would cover multiple subdomains like
lookoutforthatfallingpiano.ssl.com. A wildcard will not, however, cover the ‘naked’ core domain. For example,
*.ssl.com will not protect
*.www.ssl.com will not protect
For the rules covering exactly how a wildcard certificate can and cannot be used, please refer to this FAQ.
This will cover any number of subdomains that may fall under your domain. You just set up your Wildcard certificate, and you’re good to go.
A “regular” certificate would be a single-domain SSL/TLS certificate. While a wildcard certificate only has one listed domain, the notation allows it the flexibility to cover a large range of subdomains, rather than just a single domain.
The most comparable certificate to a Wildcard certificate is what’s called a Subject Alternate Name (SAN) Certificate or Unified Communication Certificate (UCC). These are also referred to as multi-domain certificates or Exchange certificates.
A SAN or UC certificate is meant to secure up to 500 entries. Depending on the pricing model, you’ll likely pay extra for wildcard domains (
*.yoursite.com), or for any domain above a certain included threshold.
Where a UC certificate can cover a relatively high volume of domains, a Wildcard certificate can only cover one domain. This will cover any number of subdomains for the portion of the domain name represented by the wildcard asterisk in the certificate. A UC certificate can list many distinct domains in the SAN field.
Short answer: You certainly can!
There is certainly no technical reason wildcard domains can’t be incorporated into UCC certificates, and it is often the case that a wildcard domain in a UCC is not only the easiest solution, but the most affordable. In fact, it’s the only solution if you want multiple wildcards in a single SSL certificate.
SSL.com’s Multi-domain UCC can secure multiple sites and multiple subdomains, using fully qualified domain names, wildcard domains and more. To cover unlimited subdomains, just create the wildcard domains (i.e.
*.sitename.com) in the common name field or as a SAN (Subject Alternative Name) when you purchase your UCC.
You can even put other wildcards in the SAN fields such as
*.another.com, etc. You cannot however, put multiple wildcard levels such as
*.*. SSL.com will charge you just $129 per year to add your wildcard SSL to your UCC.
Yes, SSL.com issues High Assurance (OV) validated Wildcard SSL certificates. Customers purchasing an SSL.com Wildcard certificate will receive a DV Wildcard certificate after going through the standard domain validation process.
Your OV Wildcard certificate will be issued as soon as the additional verification steps are completed and confirmed. We’ll need to verify your company name, address, and phone number in an online business directory.
The business listing may be in an official government database, or with a service similar to Dun & Bradstreet. NOTE: Individuals can also qualify for OV Wildcard certificates by following the guidelines here.
Can I order an EV wildcard certificate?
Unfortunately, wildcard domains cannot use extended validation, per the CA/Browser Forum’s guidelines for Extended Validation (EV) certificates. The same guidelines require that each item contained in an EV certificate be individually vetted, which requires a unique identifier for each item.
If you’re looking for extended validation for multiple subdomains, an EV UCC may be the best option. An EV UCC allows for up to 500 entries (first three non-wildcard are included in the base price).