Wildcard certificate
A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.[1]
Depending on the number of subdomains, a wildcard certificate can save money and can also be more convenient.
Limitation
Only a single level of subdomain matching is supported.[2]
It is not possible to get a wildcard for an Extended Validation Certificate.[3]
A workaround could be to add every virtual host name in the Subject Alternative Name (SAN) extension.[4][5][6] The major problem is that the certificate needs to be reissued whenever a new virtual server is added.[7]
Wildcards can be added as domains in multi-domain certificates or Unified Communications Certificates (UCC).[8] In addition, wildcards themselves can have subjectAltName extensions, including other wildcards. For example, the wildcard certificate *.wikipedia.org has *.m.wikimedia.org as a Subject Alternative Name. Thus it secures https://www.wikipedia.org as well as the completely different website name https://meta.m.wikimedia.org.[9]
Example
In the case of a wildcard certificate for *.company.com, these domains would be valid:
- company.com
- payment.company.com
- contact.company.com
- login-secure.company.com
- www.company.com
Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops), these domains would not be valid for the certificate:
- test.login.company.com
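The matching rule behind these two lists, as an added Python example (not code from the original page): the asterisk stands for exactly one leftmost label. The name lists are constructed, and listing company.com next to *.company.com is an assumption made here, because the wildcard entry on its own does not match the bare domain.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def pattern_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    The asterisk must be the whole leftmost label and stands for exactly
    one label, so it never spans a full stop.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard: any single non-empty label; the remaining labels must be equal.
        return p[1:] == h[1:]
    return p == h


def cert_covers(san_names, hostname):
    """True if any name listed in the certificate matches the hostname."""
    return any(pattern_matches(n, hostname) for n in san_names)


# Constructed name lists (assumptions, not read from real certificates).
COMPANY_CERT = ["*.company.com", "company.com"]
WIKI_CERT = ["*.wikipedia.org", "*.m.wikimedia.org"]

if __name__ == "__main__":
    for host in ["company.com", "payment.company.com", "www.company.com",
                 "login-secure.company.com", "test.login.company.com"]:
        print(f"{host:28} {cert_covers(COMPANY_CERT, host)}")
    for host in ["www.wikipedia.org", "meta.m.wikimedia.org", "m.wikimedia.org"]:
        print(f"{host:28} {cert_covers(WIKI_CERT, host)}")
```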
References
- [1] Wildcard SSL certificate on Verisign.com
- [2] Wildcard SSL certificate limitation on QuovadisGlobal.com
- [3] No wildcard for an Extended Validation Certificate on Entrust.net
- [4] x509v3_config-Subject Alternative Name
- [5] The subjectAltName field
- [6] The SAN option is available for EV SSL Certificates on Symantec.com
- [7] Need to be reissued whenever a new virtual server is added
- [8] Wildcard domains can be used within UCC on SSL.com
- [9] SSLTools Certificate Lookup of Wikipedia.org's wildcard ssl certificate