Making Use of Wildcard Certificates

Most people can get away with only one SSL certificate, but this won't do with bigger commercial websites. An example that might need multiple SSL certificates is a website that offers different services like shopping.example dot com, mail.example dot com, secure.example dot com, and profiles.example dot com.

You might think that the solution is simple - just buy more SSL certificates, but what about cost? Your expenses will skyrocket if you get even just a few more SSL certificates. Fortunately, you have the option to go for wildcard certificates that allow you to use one SSL certificate on an unlimited number of subdomains.

Wildcard? What's that?

The best way to introduce wildcard certificates is to first clarify what "wildcard" means. In computer speak, a wildcard is a symbol that can be substituted by any other character or string. It's commonly represented by an asterisk (*). In other words, an asterisk stands for any word. For example, we can represent all subdomains of bigbusiness dot com like shop.bigbusiness dot com, mail.bigbusiness dot com, news.bigbusiness dot com simply as *.bigbusiness dot com.

The "Common Name" field in an SSL certificate indicates the domain in which the certificate will be used. Wildcard certificates are basically certificates with wildcards in the Common Name, like *. bigbusiness dot com. If you apply for a wildcard certificate sometime in the future, you will be asked to supply a Common Name, that's why it's important that you remember how to write wildcard domain names.

Reasons Why Wildcard Certificates are Popular

Cutting cost is the main benefit to using wildcard certificates. If you only use a few subdomains, you may be fine with typical SSL certificates that cost about $150 each. But once you need five subdomains, you will need to come up with $750. Let's say you own a big website with ten subdomains. You will be forced to spend $1,500 on SSL certificates. Wildcard certificates only cost $600 each. With wildcard certificates, you save $900. It's not uncommon for big companies to need up to 30 subdomains on SSL security.

Manageability is another benefit to using wildcard certificates. It's not easy to purchase, set up, and then renew annually a number of SSL certificates. It's not a good idea to let one person manage several SSL certificates because they may very easily make mistakes. Delays from fixing errors will cost you time and money. Just think about how that compares to worrying about just a single wildcard certificate. Having to manage one certificate is infinitely easier. It also reduces the chances of errors.

Drawbacks of Using Wildcard Certificates

Wildcard certificates aren't perfect, though. There are some drawbacks. The first thing that experts will point out is problems with security. Only one private decryption key is used by all the servers that use a single wildcard certificate. Several servers usually host multiple subdomains. This means that if someone manages to compromise one of your servers and retrieve the decryption key, every subdomain on every server that uses the same certificate is also compromised.

All subdomains will cease to work if the wildcard certificate is revoked for any reason. That basically means that you have to close your website until you either get a new wildcard certificate, or get a certificate for every single subdomain on your site.