SSL/TLS certificates are the foundation of website security. They encrypt the data transferred between the client and server over the wire and provide third-party verification of the applicant’s business identity.
Wildcard Certificate Vs. Regular Certificate
Depending upon your business needs, you can get a single certificate for each domain that you want to secure or get a single certificate that can accommodate multiple domains and/or subdomains. All SSL certificates have a field called the website’s common name (also referred to as the host or the domain name) which dictates the domain to be covered by the certificate.
SSL certificates that cover a range of subdomains at a specific level are known as Wildcard certificates. The base domain remains the same, but the subdomain is different.
Consider an example:
Todd has a domain named www.site.com. He can request the CA to secure that single domain with a standard SSL certificate. When he does that, most CAs will secure the non-www version for free, so Todd will get an SSL certificate that covers both www.site.com and site.com. Please note that the reverse is not true: had Todd requested a certificate for the non-www version, site.com, the CA would not have issued a certificate with free coverage for www.site.com.
Now suppose www.site.com has multiple sub-domains such as:
- blog.site.com, etc.
There is a lot of work and money involved if Todd has to make a request to secure these subdomains individually, and he will end up managing multiple SSL certificates.
With a wildcard SSL certificate, *.site.com will automatically secure mail.site.com, order.site.com, product.site.com, blog.site.com, etc. The asterisk is used to specify the level, and it can only secure one level, not multiple levels. For example, a certificate for *.site.com will not secure test.blog.site.com.
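The one-level rule above can be checked against a host inventory before ordering a certificate. The following Python sketch is an added example, not code from the original page or from any CA; the function names `name_covers` and `uncovered_hosts` and the inventory list are hypothetical. It also shows a consequence of the same rule that clients apply: the bare domain site.com is not matched by *.site.com.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.strip().rstrip(".").lower().split(".")


def name_covers(cert_name, hostname):
    """Return True if one certificate name (exact or wildcard) covers hostname.

    Rule described on this page: '*' stands for exactly one label, and
    only in the left-most position.
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if "" in pattern or "" in host:
        return False                      # empty label, e.g. "a..b"
    if len(pattern) != len(host):
        return False                      # '*' never spans several levels
    if pattern[0] == "*":
        # Labels to the right of '*' must match exactly. Refusing a
        # wildcard directly under a single label ("*.com") is a
        # conservative choice made by this example.
        return (len(pattern) > 2 and pattern[1:] == host[1:]
                and "*" not in host[0])
    # A '*' anywhere else in the name is not treated as a wildcard.
    return "*" not in cert_name and pattern == host


def uncovered_hosts(cert_names, inventory):
    """List inventory hostnames that none of the certificate names cover."""
    return [h for h in inventory
            if not any(name_covers(n, h) for n in cert_names)]


# Constructed inventory built from the page's example hostnames.
INVENTORY = ["site.com", "www.site.com", "mail.site.com", "order.site.com",
             "product.site.com", "blog.site.com", "test.blog.site.com"]

if __name__ == "__main__":
    for names in (["*.site.com"], ["www.site.com", "site.com"]):
        print(names, "does not cover:", uncovered_hosts(names, INVENTORY))
```

Any hostname the function reports as uncovered needs its own certificate or an additional name on the certificate.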
|Single Name SSL Certificate|SSL Wildcard Certificate|
|---|---|
|One certificate for one single FQDN (fully qualified domain name), will not secure additional subdomains.|One certificate for an unlimited number of subdomains at a specific level.|
|Example: www.site.com|Example: *.site.com secures every subdomain at that level such as order.site.com, blog.site.com, etc.|
|256-bit strong encryption with 2048-bit RSA signature key|256-bit strong encryption with 2048-bit RSA signature key|
|Available for all levels of validation – DV, OV and EV|A single private key is shared amongst all sub-domains across servers. Unauthorized access to the certificate’s private key can be used to set up a rogue site with a valid SSL certificate giving it undue legitimacy. This sort of breach is hard to detect and impacts the security of all sub-domains, and for this reason, EV (Extended Validation) certificates are not issued in conjunction with wildcard SSL.|
Which SSL certificate do I need for my website?
Given the security considerations of a wildcard SSL, if there is only one domain to secure with no intention of adding more subdomains, it makes sense to go for a standard single-domain SSL certificate. However, if you have multiple subdomains and you can live without Extended Validation, it is reasonable to go for a wildcard SSL while taking extra measures against unauthorized access to the private key.