Wildcard SAN Certificates – All You Need to Know Before Buying

A multi domain wildcard SSL certificate — or what’s sometimes referred to as a wildcard SAN, SSL SAN wildcard, or a wildcard multi domain certificate — combines the flexibility of a multi domain SAN certificate with that of a wildcard certificate. This provides coverage not only for multiple domains but also their accompanying subdomains at multiple levels as well as IPs. This versatile solution offers a cost-effective alternative to efficiently manage certificates for a host of websites and subdomains using a single certificate instead of having individual certificates for each site.

Let’s dive deeper into what a wildcard SAN certificate is and some of its key features.

What Is a Wildcard SAN Certificate?

An SSL SAN wildcard certificate is one that allows you to add multiple domains (similar to a multi-domain/SAN SSL certificate) with the added bonus of securing unlimited multi-level subdomains.

Consider the following example:

Bob, a successful entrepreneur, has multiple websites for his various lines of business, and each of these websites has numerous subdomains. Ever since Google’s decision to flag non-HTTPS websites as “not secure,” his firm has seen a loss in customers. Bob is determined to reverse his loss in sales. He’s also exasperated with the process of certificate management and is looking for a simple solution to solve his problem. 

Suppose he wants to secure the following websites:

  • www.site1.com
  • blog.site1.com
  • products.site1.com
  • www.site2.org
  • dev.blog.site2.org
  • test.blog.site2.org
  • www.site3.net

With wildcard SAN certificates, he can secure all the sites by citing them as subject alternative names (SANs) on a single certificate along with wildcard entries for subdomains.

  • *.site1.com (covers www.site1.com, blog.site1.com, products.site1.com)
  • *.site2.org (secures all first-level subdomains of site2.org)
  • *.blog.site2.org (secures the second-level subdomains under blog.site2.org, such as dev.blog.site2.org and test.blog.site2.org)
  • *.site3.net (secures all first-level subdomains of site3.net)

Key Features of Wildcard SAN Certificate

Wildcard SAN SSL certificates offer the same level of encryption as other SSL/TLS certificates — the difference lies in their validation levels and functionalities.

Listed below are the features of wildcard SAN certificates:

  • 256-bit strong encryption with 2048-bit RSA signature key.
  • Supports domain validation (DV), issued within minutes, as well as organization validation (OV), which typically takes one to three days.
  • One certificate secures multiple domains and an unlimited number of multi-level subdomains.
  • SAN wildcard support is enabled.
  • A site seal is included.
  • HTTPS-enabled with the padlock icon.
  • Unlimited certificate re-issuance.
  • Supported by all major client browsers and mobile devices.
  • Can be used on the same or multiple physical servers.
  • Reduced complexity due to simplification of the certificate management process for small and large-scale industries.
  • Reduced overall cost of enabling secure browsing across all the websites of the applicant’s business.
  • Additional benefits, such as vulnerability assessments and unlimited server licenses, are provided by some CAs along with the certificate.
  • Almost all CAs offer a warranty and refund policy for their wildcard SAN SSL certificate.

Key Factors to Consider Before Making Your Purchase

Now that we have a fair understanding of what a wildcard SAN SSL is, let’s look at some key points to gain a better insight into the product.

When filling in the certificate signing request (CSR), you must enter a non-wildcard entry as the common name. Note that a wildcard entry does not automatically secure the non-WWW (bare) version of its domain, so you need to list those separately; for example, *.site1.com does not cover site1.com.
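The coverage rules described above (the wildcard SAN list for Bob's sites, and the note that bare domains must be listed separately), as an added example that is not part of the original article. It assumes the common TLS client rule that `*` stands for exactly one left-most label; the function names and the bare-domain test hosts are constructed for illustration.

```python
# Added example: check which hostnames a list of SAN entries covers.
# Assumption: "*" is valid only as the whole left-most label and matches
# exactly one label, which is how mainstream TLS clients treat wildcards.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN DNS entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # different depth, or an empty label in the hostname
    if p[0] == "*":
        # Simplification: require at least two labels after the wildcard,
        # so an entry such as "*.com" never matches anything.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covering_entry(sans, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in sans:
        if san_matches(entry, hostname):
            return entry
    return None


def uncovered(sans, hostnames):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames if covering_entry(sans, h) is None]


# SAN entries taken from the article's example.
SANS = ["*.site1.com", "*.site2.org", "*.blog.site2.org", "*.site3.net"]

# Bob's sites from the article, plus bare domains added here (constructed)
# to show what the wildcard entries leave out.
HOSTS = [
    "www.site1.com", "blog.site1.com", "products.site1.com",
    "www.site2.org", "dev.blog.site2.org", "test.blog.site2.org",
    "www.site3.net", "blog.site2.org",
    "site1.com", "site2.org", "site3.net",
]

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:22} -> {covering_entry(SANS, host) or 'NOT COVERED'}")
    print("Add as explicit SANs:", uncovered(SANS, HOSTS))
```

Running it shows that the three bare domains are the only hosts left without coverage, so they would have to be added to the certificate as explicit non-wildcard SAN entries.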

The certificate will list all the domains you have entered as SANs, and they will be visible to everyone who lands on your website. If you do not want site visitors to see them, consider looking at different SSL/TLS certificate options.

Extended validation is not provided along with wildcard SAN SSL certificates due to security reasons. In case of a breach, since the private key is shared amongst all subdomains across servers, compromising a single site has an impact on the security of all the websites listed on the SSL/TLS certificate. If your server hosts a security-critical application, consider using a certificate that comes with extended validation.

Wildcard Vs SAN

The basic difference between a wildcard certificate and a SAN certificate is:

A wildcard certificate – A wildcard secures one primary domain and all its registered first-level subdomains under one certificate.

SAN certificate – A SAN certificate can secure multiple domains (up to 250) and all their registered first-level subdomains under a single certificate.

In Summary

With the factors discussed above in mind, a wildcard SAN SSL certificate could be the ideal solution your business needs to secure your websites and enable HTTPS on them and their subdomains.

The overview below gives a quick run-through of some of the prominent features of this certificate:

A Wildcard SAN Certificate Overview

  • One certificate secures up to 250 domains and an unlimited number of subdomains at multiple levels, along with IPs. An asterisk is used at the subdomain level you’re trying to encrypt in the SAN fields of the CSR.
  • It uses 256-bit strong encryption with 2048-bit RSA signature key.
  • Example: *.site.com secures every subdomain at that level such as order.site.com, blog.site.com, etc. *.blog.site.com secures all second-level subdomains such as xyz.blog.site.com.
  • Available for DV and OV levels of validation only. Extended Validation (EV) is not an option for wildcard SSL certificates.