Understanding Wildcard SSL Certificates

Understanding a domain & subdomain

To better understand what a Wildcard SSL certificate is, we will need to understand the difference between a domain & subdomain.

A domain is a website address. An example is “trustico.com”; this will point you to Trustico’s website without needing to type in its IP address. To create a website, you will need to purchase a domain and whenever a customer needs to access your site, they will use your domain name to do so.

A subdomain is a website that belongs to a domain but is separate from the domain’s main website. Subdomains are used for a wide range of purposes and are common among, for instance, e-commerce businesses. An example of a subdomain is “secure.trustico.com”. A subdomain is created by placing a name (in our example “secure”) followed by a dot “.” in front of the domain. A subdomain can be an entirely different website from the root domain website.

At Trustico, we have our website “trustico.com”, but when a customer is placing an order, the customer is redirected to “order.trustico.com”. This website is separate to our main website as it allows the customer to place an order, and manage their profile and purchases.

The above images display the examples of a subdomain along with the domain itself. Subdomains can be many levels deep as explained further in this article.

What is a Wildcard SSL certificate?

A Wildcard SSL certificate is designed to secure an unlimited number of subdomains on the domain level it is purchased for. The certificate will be issued to *.yourdomain.com for example. The * is then used and replaced with the subdomain when installed on your server. A Wildcard SSL certificate will only secure the single level it is purchased for.

The asterisk ‘*’ means “all”.

What will the certificate secure?

If you request your certificate for *.trustico.com.au, you can then secure the following examples (but not limited to):

You will notice the above subdomains are only of the one level and the * is replaced with the subdomain. The certificate issued to *.trustico.com.au will not secure the following examples:

These are not of the level purchased for and are considered another level above.

If you purchased the certificate for *.www.trustico.com.au then you would secure the following examples (but not limited to):

You will notice that all the above include www.trustico.com.au and only the * is replaced with the subdomain. You will also notice that www.trustico.com.au is not listed as being secured. This is because www.trustico.com.au is not a root domain name. It is a subdomain of the root domain name “trustico.com.au”. “trustico.com.au” is also not secured as it is not of the level purchased for.

The root domain name will only be included in the purchase of the certificate when a first level subdomain wildcard is purchased.
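
The single-level rule described above can be checked in a few lines. This is an added example, not Trustico's code or tooling: the function names, the two name lists and the sample hostnames are constructed for illustration, and the root domain is modelled as a second name carried by the first-level wildcard certificate.

```python
def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name covers hostname.

    A leftmost label of "*" stands for exactly one label: it never
    spans several levels and never matches an empty label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_covers(names, hostname):
    """Return True if any name in the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in names)


def coverage_report(names, hosts):
    return {host: cert_covers(names, host) for host in hosts}


# Constructed certificate name lists (assumptions for this example).
# The first-level wildcard also carries the root domain, as described
# above; the deeper-level wildcard carries only its own name.
FIRST_LEVEL = ["*.trustico.com.au", "trustico.com.au"]
DEEPER_LEVEL = ["*.www.trustico.com.au"]

# Constructed hostnames, not the article's own lists.
SAMPLE_HOSTS = [
    "trustico.com.au",
    "order.trustico.com.au",
    "www.trustico.com.au",
    "shop.www.trustico.com.au",
]

if __name__ == "__main__":
    for names in (FIRST_LEVEL, DEEPER_LEVEL):
        print(names)
        for host, ok in coverage_report(names, SAMPLE_HOSTS).items():
            print(f"  {host:28} {'secured' if ok else 'NOT secured'}")
```

Running the same check against the hostnames you actually serve, before ordering, shows whether a single wildcard level is enough or whether a deeper level needs its own certificate.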

What do I need to include in the CSR?

As given in the examples above, when you generate the CSR on your server you need to make sure that the certificate is purchased for the exact level you need to secure and for the exact domain name.

When creating a Wildcard CSR, the only difference between a single domain SSL Certificate and the Wildcard SSL Certificate is that you include an asterisk (*) at the beginning of the domain name to stipulate that you want the certificate purchased for a wildcard instead of a single domain name.

Example:
www.trustico.com.au will only have the certificate issued to the sole single domain name www.trustico.com.au.

*.trustico.com.au will not only protect the root domain (trustico.com.au), but also anything before the dot “.”

The exact procedure on how to generate a CSR differs from server to server. Online instructions on how to generate a CSR for most major server types can be easily found with a simple internet search. If you cannot find instructions for your server, we suggest referring to your server manual.

I need to install my Wildcard on an unlimited number of servers

All Wildcard SSL certificates purchased through Trustico come with an unlimited number of server licenses.

What does this mean?
This means that you can install your SSL Certificate on an unlimited number of physical servers at the same time with no disruption to any other installations. Need to install your SSL Certificate across 10 different servers? No problem, a Wildcard SSL Certificate is what you need.

What are the benefits and advantages of a Wildcard SSL certificate?

  • Cheaper: Wildcard SSL certificates are big money savers. When you have several subdomains in need of securing, it can get costly purchasing an individual SSL certificate for each subdomain. Not only that, but the server costs for individual IP addresses for each SSL certificate and domain name pair need to be considered too. By simply purchasing a Wildcard certificate to cover all your subdomains, you eliminate these costs.
  • Easier Management: Management of the SSL certificate should also be considered. With installation, if all subdomains are on a single machine it would only require a single install of the Wildcard SSL Certificate. If you purchased an individual SSL certificate for each subdomain, each SSL Certificate would need to be installed on your server, taking up much more time than is necessary. When the SSL Certificate is up for renewal, you only need to renew the single Wildcard SSL Certificate, again saving you time.

How do I install a Wildcard SSL certificate?

There is no difference between installing a Wildcard SSL Certificate or a single site SSL Certificate on a server. This is why you will see no specific installation instructions for Wildcards for your server type.

It is highly recommended that you consult your server manual for the correct way to install an SSL Certificate. Reviewing the instructions should be done before installation to make sure that you are installing the SSL Certificate correctly the first time.

Trustico provides installation instructions for most major server types, which can be viewed on the link below:
www.trustico.com/install/how-to-install-ssl-certificate.php

Mobile Device Compatibility for Wildcards

Mobile devices have in the past had problems working with Wildcard SSL certificates, as the Wildcard symbol, the asterisk (*), was not recognized. Most modern mobile devices now support Wildcard SSL certificates, which are issued with 99.9% browser ubiquity. If you have questions about using mobile devices with a Wildcard certificate, contact Trustico customer support through our website’s Live Chat or via Telephone. Our highly trained agents can discuss the other options available to you if a Wildcard SSL certificate is not suitable for your needs.

What Wildcard SSL Certificates do you offer?

Trustico offers several highly trusted Wildcard SSL certificates from the most trusted brands of SSL certificate providers.

  • Trustico Wildcard
  • PremiumSSL Wildcard
  • Positive SSL Wildcard
  • Sectigo SSL Wildcard

What is the difference between them all?

The Wildcard SSL certificates are issued by brand as follows:

  • Sectigo (formerly Comodo CA) – Sectigo SSL Wildcard
  • Positive SSL – Positive SSL Wildcard
  • InstantSSL – PremiumSSL Wildcard
  • Trustico – Trustico Wildcard

The major difference between these Wildcard SSL certificates is that they fall into two categories: Domain Validated (DV) and Organisation Validated (OV).

Domain Validated (DV)

The following products are Domain Validated Wildcard Certificates:

  • Trustico Wildcard
  • Positive SSL Wildcard
  • Sectigo SSL Wildcard

DV SSL certificates can be issued within minutes; the only requirement is completion of domain control validation.

It is worth noting that these certificates are only validated for your domain name, meaning that only your domain name will be included in the SSL Certificate. There will be no identifying company information in the certificate whatsoever.

DV SSL Certificate Recommendations
DV Wildcard certificates are perfect for the start up business with low level transactions and visitors to their website, and for internal use where company information in the certificate is not necessary.

Organization Validated (OV)

The following products are Organization Validated Wildcard Certificates:

  • PremiumSSL Wildcard

OV SSL certificates are the highest standard of Wildcard available; you can’t get any better. As mentioned previously, the DV certificates only require domain control validation. OV SSL certificates are issued to your domain name and company. This means that your company details will be listed in the certificate and the site seal issued with the SSL certificate.

This adds a critical level of trust to your customers and website. It shows that not only is your website and domain name safe to purchase from, but also that your company is legitimate, trustworthy, registered within your country and ready for business.

OV SSL Certificate Recommendations
Everyone using a Wildcard SSL certificate on a public facing website or e-commerce website should purchase an Organisation Validated (OV) level SSL certificate. It is becoming increasingly important to instil trust in potential customers, not only in your domain name and website but in your company too.

Unfortunately, there is no such thing as an Extended Validation (EV) Wildcard SSL Certificate. This is because each item on an EV SSL certificate needs individual vetting, and a Wildcard is simply not compatible with that as it automatically secures all domains on the specified level.
