Activating the SSL protocol allows you to secure data exchanges between your website and Internet users, a level of security that has become essential in the eyes of users. To do this, you must first obtain a certificate from a Certification Authority, which verifies the validity of the domain name (DV certificate), or even the identity of the natural or legal person making the request and more (OV or EV certificates). But what happens when you need to secure multiple subdomains at once? This is where the wildcard certificate comes in.
Wildcard certificate: what is it?
As you know, an SSL certificate secures data exchanges between a server and a client. In its simplest form (domain validation certificate), it certifies at least that the applicant is indeed the owner of the domain name. But a domain is sometimes divided into several subdomains that a single SSL certificate cannot cover.
Indeed, a webmaster can manage a large number of resources linked to the same domain name. In this case, he needs a very specific certificate: the wildcard. The wildcard SSL option is used to extend SSL encryption to subdomains belonging to a specific domain.
Let’s imagine: you request an SSL certificate for a qualified domain name, such as “www.example.com”. This certificate is only valid for this particular domain name. But if you request a wildcard certificate, it will be issued for “*.example.com”, with the asterisk in front of the first dot replacing any conceivable subdomain. This allows you to secure subdomains belonging to the same domain name.
In short, the wildcard certificate (or wildcard SSL certificate) allows you to use a single SSL certificate to cover all the subdomains of a website. It secures these according to the level of certification requested from the relevant Certification Authority, and it meets the different needs of security protocols (HTTPS, SMTPS, POP3S).
Wildcard certificate vs. SAN certificate
Just like the wildcard, the SAN certificate makes it possible to secure several domain names. But these two types of certification are actually very different from each other.
The wildcard certificate covers a domain as well as all related sub-domains: “primasecure.com”, “www.primasecure.com”, “webmail.primasecure.com”, “secure.primasecure.com”, etc. It is unlimited: once the SSL certificate has been issued, it already covers all existing and future sub-domains.
The SAN (Server Alternative Name) certificate makes it possible to simultaneously cover several different domain names, or subdomains of several levels. Initially, this certificate was designed to secure mail servers hosted on the same device. It is limited: you cannot add other domains afterwards without requesting a new SAN certificate. In addition, the number of domains covered by the same certificate may vary depending on the Certification Authority.
Other differences exist: not all CAs offer SAN certificates even though they issue wildcard certificates, and wildcard certificates are exclusively domain-validated or organization-validated, while only SANs can be extended-validated.
Be careful, however: the wildcard certificate covers only one level of subdomains. What is valid for “login.example.com” will not be valid for “login.test.example.com”. In this case, you must request two separate certificates: one for “*.example.com” and the other for “*.test.example.com”.
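The one-level rule above, as an added example (not part of the original article): a small Python matcher in which the asterisk stands in for exactly one leftmost label, run over a host inventory to show which certificate covers which name. The certificate labels and the inventory are constructed for illustration; only the host names come from the article.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # "*" never spans more than one label
    if p[0] == "*":
        # Require a real parent domain after the asterisk, then compare
        # every label except the leftmost one.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # no wildcard: the whole name must be identical

def coverage(hostnames, certs):
    """Map each hostname to the labels of the certificates covering it."""
    return {
        h: [label for label, names in certs.items()
            if any(name_matches(n, h) for n in names)]
        for h in hostnames
    }

# Constructed inventory and certificate labels (hypothetical).
HOSTS = ["www.example.com", "login.example.com", "login.test.example.com"]
CERTS = {
    "wildcard-example": ["*.example.com"],
    "wildcard-test": ["*.test.example.com"],
}

if __name__ == "__main__":
    for host, labels in coverage(HOSTS, CERTS).items():
        print(f"{host:28} covered by: {', '.join(labels) or 'NOTHING'}")
```

Running the same check against your real DNS inventory before ordering shows which second-level names would be left without a valid certificate.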
What are the advantages of a wildcard SSL certification?
Obtaining a wildcard SSL certificate (rather than a simple SSL certificate) gives you many advantages. The wildcard allows you to:
- Secure a set of subdomains without needing to issue a certificate for each of them, even if these subdomains are hosted on multiple servers.
- Secure future subdomains: thanks to the activation of the wildcard SSL option, all your future subdomains are already covered by the certification. A practical option when the number of subdomains is constantly increasing.
- Simplify your administrative management, especially when it comes to renewing the certificate.
- Reduce your costs drastically: you only need one SSL certificate for all your subdomains rather than obtaining separate certificates.
Of course, all is not rosy. The wildcard has a notable drawback: because all your subdomains are covered by the same certificate, they are protected jointly and not individually. If your wildcard certificate needs to be revoked because a subdomain has been compromised, all other subdomains will be affected as well. Global protection, global consequences.
Once you have chosen your type of certificate, all you have to do is contact your Certification Authority (such as CertEurope) and initiate the procedure. A few more steps, and your website will be perfectly secure!