Here’s why finding EV wildcard SSL certificates in the market is so challenging
How awesome it would be to secure all of your subdomains with one SSL certificate so that your organization’s name shows up before each in a browser’s web address bar alongside a padlock icon? Customers would feel highly confident while sharing their personal or financial information via blogs, check-out pages, or any other pages on your site to which you’ve devoted an entire subdomain.
However, there is no extended validation (EV) wildcard certificate available in the market as of now. No certificate authority (CA), whether they deal in paid SSL or free SSL certificates, is can offer EV wildcard SSL. We’ll speak more on why later. But for now, what you need to know is that you can choose from domain validation (DV) or organization validation (OV) wildcard SSL certificates. But there is still some options available in the market to secure your subdomains with extended validation.
Is There Another Way to Secure a Subdomain with Extended Validation Without an EV Wildcard SSL Certificate?
Yes, you can still secure a subdomain with an EV validation!
“Wait a sec — you just said there is no EV wildcard SSL available!”
Oh yeah. Let us tell you a secret! There is a way out — a small window is still open to help your secure subdomains with EV validation.
It’s called a multidomain SSL certificate!
How Can I Secure a Subdomain with a Multi Domain SSL Certificate?
With a multi domain SSL certificate, you can add a subdomain and show it as a separate SAN (subject alternative name domain).
So, for example, let’s say you have the following three domains and subdomains you’d like to cover:
In this case, either you have to buy a separate EV SSL for each of the three domains, or you can get an EV multi domain SSL certificate and secure all the domains and subdomains under a single SSL certificate.
Getting an EV multi domain SSL is a cost-efficient solution. Plus, you don’t have to go through CSR generation, EV validation, certificate installation, and certificate renewal processes for each domain and subdomains separately. You can take care of them all at the same time, so you can save time and effort along with money!
How Many Subdomains Can I Secure Under EV Multidomain SSL?
You can secure as many as 250 subdomains under a single EV multidomain SSL certificate.
Please note that there are generally three domains covered by a multi domain SSL certificate. You’ll need to pay additional money to add extra domains/subdomains.
Can I Secure the Second- or Third-Level Subdomains Under EV Multidomain SSL?
Absolutely! There is a significant difference between how wildcard SSL and multidomain SSL certificates work in terms of what they cover. For any wildcard SSL (DV or OV), you can secure only the first or immediate level of the subdomain. With a multidomain SSL, you can secure any level of subdomain under the same SSL certificate. You just need to show your subdomain as a separate SAN!
Let’s say you’ve bought a wildcard for the domain example.com. You can secure blog.example.com but can’t secure author.blog.example.com (a second level subdomain) under the same wildcard certificate. For that, you’ll need to buy a separate wildcard for blog.example.com. But a same multi domain SSL certificate can secure all these (example.com, blog.example.com and author.blog.example.com) under the same certificate.
How Much Does It Cost to Secure Subdomains with EV Validation?
Enough of this rosy talk! Now come to the $$$ part: Is it too expensive to secure all of my subdomains with EV validation?
Any EV certificate is going to be expensive because it takes an enormous amount of time and efforts to complete the rigorous validation process. Nothing is automated here, and all the validation is done manually, which requires a large number of staff and resources.
Luckily, there are certificate authorities like Sectigo (formerly Comodo CA) that can offer EV SSL at reasonable rates. As an authorized platinum partner of the world’s biggest certificate authority, and because we order SSL certificates in such large quantities from Sectigo, we can keep our costs low and offer the certificates to you at low price.
There are two most popular Sectigo EV multidomain SSL certificates available in the market.
|Positive SSL EV Multi-Domain||Sectigo EV Multi-Domain SSL|
|Encryption key length||256-bit||256-bit|
|Highest number of domains supported||Up to 250||Up to 250|
|Site seal type||Dynamic||Dynamic|
|Money back guarantee||30 days||30 days|
|Documents required for validation||Learn More||Learn More|
|Buy Now||Buy Now|
Why Can’t I Buy a Wildcard EV SSL Certificate?
The CA/B Forum (Certificate Authority/Browser Forum) strictly prohibits CAs from issuing wildcard EV SSL certificates. The primary concern is security, although cost likely plays a role as well.
As we said above, the extended validation process for any domain is manual and rigorous. This differs from a domain validation (DV) SSL certificate that simply validates the domain itself and doesn’t require any extended vetting of your organization. With EV, the certificate authority must vet all the details meticulously before issuing an EV SSL to any organization. After all, that’s why EV SSL certificates are highly respected by web browsers and users alike.
When you add a new domain or subdomain to an EV multi-domain SSL certificate, the CA goes through the entire validation process again for that new domain/subdomain. That’s why you need to pay extra for each additional subdomain you add after the limit of three domains. However, a wildcard SSL certificate covers an unlimited number of subdomains at no additional cost. No certificate authority on earth can afford to go through a separate manual EV validation process for free for every new domain/subdomain added. There will be an extremely high operational cost if they do so.
If that scenario happens, either overall prices for the SSL certificate will go unreasonably high, or the EV validation process might get compromised gradually.
Best Wildcard Certificates of 2020
|Features||PositiveSSL Wildcard (DV)||Sectigo SSL Wildcard Certificate (DV)||Sectigo OV Wildcard SSL|
|Domains Secured||Secure Unlimited Subdomains||Secure Unlimited Subdomains||Secure Unlimited Subdomains|
|Validation Level||Domain Validation||Domain Validation||Organization Validation|
|SSL Encryption||up to 256-bit||up to 256-bit||up to 256-bit|
|Key Length||2048 bits||2048 bits||2048 bits|
|SSL Site Seal||Included||Included||Included|
|Refund Policy||30 Days||30 Days||30 Days|
|OS Support [Desktop]||Yes||Yes||Yes|
|OS Support [Mobile]||Yes||Yes||Yes|
|Buy Now||View Product||View Product||View Product|