Regular SSL certificates are only allowed for a single domain or subdomain. This means that buying an SSL certificate for example dot com will not give you SSL security for www.example dot com or secure.example dot com.
Most people can get away with only one SSL certificate, but what if you have a really big website that uses lots of subdomains? One SSL certificate will not work if you own a big website offering several services, like shop.buyshop dot com, mail.buyshop dot com, secure.buyshop dot com, etc.
You can say, "I can just get more SSL certificates, right?" but costs will become unbearably high, not to mention the nightmare of having to manage several SSL certificates. Fortunately, you have the option to go for wildcard certificates that allow you to use one cheap SSL certificate on an unlimited number of subdomains.
Wildcard? What's that?
Before talking about the wildcard certificate, we should first talk about wildcards. In computer terminology, a wildcard is basically a symbol, usually an asterisk (*), that stands to be replaced by another character or string. Basically, an asterisk symbol stands for any word.
For example, *.example dot com refers to all subdomains of example dot com like mail.example dot com, secure.example dot com, news.example dot com, etc.
If you look at an SSL certificate, you'll notice the "Common Name" field. It's the part that indicates the domain that will use the certificate. If you think that wildcard certificates use wildcards in the "Common Name" field, you're right. You might find Common Names like *.example dot com. If, in the future, you choose to get a wildcard certificate, you will be asked to supply the Common Name.
Wildcard Certificates: Laying Down the Benefits
If you want to save money on several subdomains, wildcard certificates are for you. At $150 each, a typical SSL certificate should be fine for those who only need it for a few subdomains, but costs will bloat to $750 in the event that you need SSL for five subdomains. On the other hand, $600 is the average price for wildcard certificates. You can just imagine how much you're saving if you use more than five subdomains with SSL.
The websites of big companies will sometimes need SSL on over 30 subdomains.
Wildcard certificates are popular for another reason - manageability. It's a daunting task to purchase, set up, and annually renew a dozen or so SSL certificates. Errors can easily happen when one person manages several SSL certificates all at once. It's a very difficult task. You lose a lot of time and money while putting effort into fixing SSL certificate errors. Just think about how that compares to worrying about just a single wildcard certificate. It's a simpler task to manage just a single certificate. It also reduces the chances of errors.
The Bad Things about Wildcard Certificates
Using wildcard certificates does have some drawbacks. The first thing that experts will point out is problems with security. Big websites are usually run by multiple servers, and by sharing one wildcard certificate, they share a single private decryption key. If a hacker manages to get access to the decryption key, the hacker also gets the ability to crack all encryption done by every other server.
If, for some reason, your wildcard certificate is revoked, all subdomains will not work. Until you fix the wildcard certificate or get individual SSL certificates for each subdomain, you may have to put your website on down time.
Finally, you should know that you cannot get wildcard certificates with Extended Verification (EV).
EV was basically invented to increase public confidence in SSL by enforcing more stringent guidelines for approving SSL applications. Wildcards in the Common Name are not allowed by EV guidelines. The green address bar feature only works with EV certificates, so you don't get that feature with wildcard certificates.
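The wildcard matching described above can be checked in code. The following is an added example, not part of the original article: a simplified matcher that follows the rule TLS clients apply under RFC 6125, where the asterisk stands for exactly one left-most label. It goes one step beyond the text by showing that *.example.com covers neither the bare domain nor names nested two levels deep; the function names and sample hostnames are constructed for illustration.

```python
# Added example: simplified wildcard hostname matching (RFC 6125 style).
# Function names and all hostnames below are constructed for illustration.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def matches(pattern, hostname):
    """Return True if a certificate name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return p == h                      # plain name: exact match only
    # Accept the asterisk only as the complete left-most label.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # Conservative choice in this sketch: refuse patterns such as "*.com".
    # Real clients consult a public suffix list, which is out of scope here.
    if len(p) < 3:
        return False
    # The wildcard replaces exactly one non-empty label, never zero or several.
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]

def covered(cert_names, hostnames):
    """Map each hostname to whether any name in the certificate covers it."""
    return {host: any(matches(n, host) for n in cert_names) for host in hostnames}

# Constructed sample: one wildcard certificate and the hosts an operator
# might expect it to protect.
CERT_NAMES = ["*.example.com"]
HOSTS = [
    "mail.example.com",      # one label below the domain
    "secure.example.com",
    "example.com",           # the bare domain itself
    "a.mail.example.com",    # two labels below the domain
    "mail.example.org",      # different domain
]

if __name__ == "__main__":
    for host, ok in covered(CERT_NAMES, HOSTS).items():
        print(f"{host:22} {'covered' if ok else 'NOT covered'}")
```

Running the same check over an inventory of hostnames before buying a wildcard certificate shows which names would still need their own certificate or an extra name on the certificate.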
I don't possess enough knowledge about wildcard certificates or system but am trying to study them in detail. This article has helped me a lot in learning so many interesting things about wildcard certificates. Thanks a lot for posting.