Wildcard certificate

A wildcard certificate is a public key certificate that can secure multiple subdomains of a domain.[1]

Depending on the number of subdomains, this can save money and be more convenient.

Limitation

Only a single level of subdomain matching is supported.[2]

It is not possible to get a wildcard for an Extended Validation Certificate.[3] A workaround could be to add every virtual host name in the subjectAltName extension.[4] The major problem is that the certificate needs to be reissued whenever a new virtual server is added, so all certificates need to be replaced every time.[5]

Example

An example of the use of a *.company.com wildcard could be:

payment.company.com, contact.company.com, subscribe.company.com, login.company.com, etc.

But in order to secure fourth.payment.company.com you will need another (wildcard) certificate.[6]
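
The single-level rule and the subjectAltName workaround described above can be checked with a small matcher. This is an added example, not code from any cited source; the function names and the host lists are constructed for illustration, and it assumes the wildcard is always a whole leftmost label (`*.company.com`), the form used on this page.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """True if one certificate name (exact or '*.' wildcard) covers host."""
    if "*" in host:
        return False  # a real host name never contains a wildcard
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in h:
        return False  # '*' never stands for zero labels or for several
    if p[0] == "*":
        # '*' replaces exactly one leftmost label; the rest must be equal.
        return p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Hosts that none of the certificate's names cover."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data based on the page's example names.
HOSTS = [
    "payment.company.com",
    "contact.company.com",
    "subscribe.company.com",
    "login.company.com",
    "fourth.payment.company.com",
]
WILDCARD_CERT = ["*.company.com"]
# EV-style workaround: every virtual host listed explicitly in subjectAltName.
EXPLICIT_SANS = [
    "payment.company.com",
    "contact.company.com",
    "subscribe.company.com",
]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, HOSTS))
    print("explicit SAN cert misses:", uncovered(EXPLICIT_SANS, HOSTS))
```

With the explicit list, any host added after issuance (here `login.company.com`) shows up as uncovered until the certificate is reissued.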

References

  1. Wildcard SSL certificate on Verisign.com
  2. Wildcard SSL certificate limitation on QuovadisGlobal.com
  3. No wildcard for an Extended Validation Certificate on Entrust.net
  4. The subjectAltName field
  5. Need to be reissued whenever a new virtual server is added
  6. Single domain name in RFC 2818 on ietf.org