A Wildcard SSL certificate is an incredibly versatile tool for encrypting a website and an unlimited number of sub-domains. It provides myriad advantages in the form of its flexibility, cost-effectiveness and ease of management.
But how do wildcard certificates work? Here’s an explanation of how a Wildcard certificate works both in theory and in practice.
How Wildcard SSL Certificates Work: Securing Unlimited Sub-Domains
A Wildcard, at its heart, is just an SSL certificate that allows all the sub-domains at one level to be encrypted along with the main domain.
Typically, an SSL certificate will only protect a single subdomain. For example, if your SSL certificate is for www.maindomain.com, then it won’t work for blog.maindomain.com.
With a Wildcard Certificate, all subdomains on your main domain can be secured. Here are some examples of sub-domains:
- mail.domain.com
- login.domain.com
- dev.domain.com
These are all examples of first-level sub-domains. They can all be secured with the same Wildcard, with no limit: a single Wildcard can secure an unlimited number of sub-domains on the same level.
- member.mail.domain.com
- login.mail.domain.com
- dev.mail.domain.com
These are examples of second-level sub-domains. You would need an additional Wildcard to encrypt the sub-domains on this level, along with one to encrypt at the first sub-domain level.
How Wildcard SSL Certificates Work: Setup
From a technical standpoint, it comes down to the generation of the CSR. Comodo issues you an SSL certificate in which the common name is filled out as: *.yourdomain.com. It also includes a Subject Alternative Name (SAN) field that lists just your domain name, yourdomain.com.
The result is that the asterisk used at the designated sub-domain level allows the certificate to be used on any sub-domain that belongs to your domain. The SAN ensures that the certificate works without a sub-domain.
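The one-level rule and the role of the SAN can be checked with a small hostname matcher. This is an added example, not code from the original page or from any CA or TLS library; the function names are hypothetical, the certificate names are the ones described above, and refusing a wildcard directly under a top-level label is a simplifying assumption.

```python
# Added example: which hostnames a wildcard certificate's names cover.
# Function names are hypothetical; sample hostnames are constructed.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name covers the hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Assumption: reject overly broad patterns such as '*.com'.
        return len(p) > 2 and "*" not in p[1:] and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcard: not accepted
    return p == h


def covered_by(cert_names, hostname):
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


# Names as described in the text: wildcard common name plus bare-domain SAN.
WILDCARD_CERT = ["*.yourdomain.com", "yourdomain.com"]
# The additional wildcard needed for second-level sub-domains.
SECOND_LEVEL_CERT = ["*.mail.yourdomain.com"]

if __name__ == "__main__":
    hosts = [
        "mail.yourdomain.com",         # first level
        "yourdomain.com",              # bare domain, covered by the SAN only
        "member.mail.yourdomain.com",  # second level
        "yourdomain.com.example.net",  # different domain entirely
    ]
    for host in hosts:
        print(f"{host:32} first-level cert: {covered_by(WILDCARD_CERT, host)!s:5} "
              f"second-level cert: {covered_by(SECOND_LEVEL_CERT, host)}")
```

Running it shows that the bare domain is covered only because of the SAN entry, and that a second-level name fails against the first-level wildcard.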
All you need to do is purchase a wildcard certificate, then generate a CSR with the wildcard character before your domain, like this: *.domain.com.
Simple, right?