SSL/TLS is a secure protocol that establishes an encrypted communication channel between a web browser and a web server. It reduces the risk of sensitive information being exposed to or stolen by identity thieves or hackers.
An SSL/TLS certificate installed on the server serves the dual purpose of providing a secure channel for communication as well as authenticating the website’s identity.
There are different types of digital certificates offered by several big players in this market. We will be looking at two of them, namely wildcard and multi-domain wildcard SSL certificates, which are used to secure subdomains.
What is a Subdomain?
Since the name is a bit of a spoiler alert, you probably have an inkling of what a subdomain is. But for the sake of covering all the bases, let us consider an example.
Todd and Bob are two business partners who decide to build a website for their local fruit shop. Our friend Todd registers the domain www.fruitshop.com, where he writes all about who they are, where they’re located, etc. One day, Bob steps in and suggests that they create separate URLs for their products page and a blog page to help organize the website. He suggests:
- products.fruitshop.com, and
- blog.fruitshop.com.
In accordance with the DNS hierarchy, going from right to left in the web address products.fruitshop.com:
- the “.com” is the top-level domain,
- fruitshop.com is the second-level domain or the root domain,
- and products.fruitshop.com is the subdomain (or the third-level domain).
A subdomain, or a child domain, is a section of the root domain or the parent domain created for ease of navigation.
Do You Need SSL For Subdomain
If you are asking whether you need SSL for a subdomain, the answer is yes. An SSL certificate authenticates your identity and establishes a secure communication channel between the client and the website. If you don’t have SSL for your subdomain, it will create an opportunity for the criminals to intercept the conversation via the subdomain. So, securing every subdomain is imperative. But the good news is, you don’t have to buy separate SSL certificates for all your registered subdomains. A single wildcard certificate can secure your primary domain and all your first-level subdomains.
Securing My Subdomains with a Single SSL Certificate
So now that we have an idea about what an SSL certificate is and how it relates to subdomains, let’s explore how they come into play when securing subdomains.
First and foremost, it’s important to note that a single domain SSL certificate (or a standard SSL certificate) will only cover one domain. If generated with WWW, most certificate authorities (Cas) will secure the non-WWW version for free, but that’s about it. For large companies with multiple domains and subdomains, this is not a feasible solution since it gets hard to manage several certificates, and it’s not cost-effective. Both wildcard and multi domain wildcard SSL certificates, which we will discuss below, help to secure multiple subdomains using a single certificate.
Wildcard SSL Certificate
A wildcard SSL certificate is used if you have multiple subdomains that need to be secured at the same level. A single certificate is issued to encrypt your domain along with an unlimited number of subdomains.
For example, consider Bob from our previous example has another website www.site.com with 100subdomains:
- subdomain1.site.com,
- subdomain2.site.com,
- subdomain3.site.com, and so on.
Not only will individually securing these URLs be expensive, but managing them could be troublesome.
Instead, using a wildcard SSL, *.site.com will automatically secure all the 100 subdomains at one go using one certificate. Note that the asterisk is used to specify the level of the subdomain to be secured. In this case, *.site.com will secure everything at the third level, but the URL blog.subdomain1.site.com (fourth level subdomain) will not be encrypted.
Wildcard SSL certificates are available for two levels of validation – domain validation (DV) and organization validation (OV).
Secure Unlimited Subdomains with One Wildcard SSL Certificate – Save 50%
Save 50% on Sectigo Wildcard SSL Certificates. It includes unlimited server licenses, reissuances, 256-bit encryption, and more.
Multi-Domain Wildcard SSL Certificate
What if you have multiple lines of business with numerous domains and subdomains that need to be secured? The answer, in this case, is to use a digital certificate called multi domain wildcard SSL. A single certificate is issued to encrypt up to 250 domains along with their subdomains at multiple levels.
For instance, consider Bob from our previous example. In addition to a hundred subdomains, he has another website, www.example.com, with 10 subdomains –
- subdomain1.example.com,
- subdomain2.example.com,
- subdomain3.example.com, and so on.
Additionally, he also has two other domains — www.example2.net, and www.example3.org — which, in turn, have multi-level subdomains –
- subdomain1.example2.net,
- subdomain2.example2.net,
- blog.subdomain1.example2.net,
- products.subdomain1.example2.net, and so on.
To secure these, he can list *.example.com, *.example2.net, *.subdomain1.example2.net as subject alternative names, or SANs, on the certificate. Similarly, the SANs for the website www.example3.org can be listed on the certificate as per requirements.
Multi domain wildcard SSL certificates are available for two levels of validation – DV and OV.
Secure Up to 250 Multiple Domains with One Multi Domain SSL – Save 50%
Save 50% on Sectigo Multi Domain SSL Certificates. It includes unlimited server licenses, reissuances, 256-bit encryption, and more.
In Summary
The choice between a wildcard SSL and multi domain wildcard SSL certificate is an easy one. If, along with subdomains, you need a certificate that covers multiple fully qualified domain names (FQDNs), go for the multi domain wildcard certificate. If not, to secure your primary domain and its subdomains, a wildcard SSL certificate would be the perfect fit.