Just buying more SSL certificates might be an easy fix, but what about cost? Your expenses will skyrocket if you get even just a few more SSL certificates. The good news is that there is a solution - wildcard certificates. You can get SSL on as many subdomains as you want.

So What Exactly is a Wildcard?

The best way to introduce wildcard certificates is to first clarify what "wildcard" means. In computer speak, a wildcard is a symbol that can be substituted by any other character or string. It's commonly represented by an asterisk (*). Basically, an asterisk refers to any other word. For example, *.example dot com refers to all subdomains of example dot com like mail.example dot com, secure.example dot com, news.example dot com, etc.

The "Common Name" field in an SSL certificate indicates the domain in which the certificate will be used. In wildcard certificates, the Common Name field contains a single wildcard, like *.example dot com. It's important that you understand this because you need to supply the Common Name when applying for a wildcard certificate.

Reasons Why Wildcard Certificates are Popular

If you want to save money on several subdomains, wildcard certificates are for you. At $150 each, a typical SSL certificate should be fine for those who only need it for a few subdomains, but costs will bloat to $750 in the event that you need SSL for five subdomains. Think about how much money you can save if, let's say, you own a website with 10 subdomains needing SSL security. That's already $1,500. Comparing that to wildcard certificates that only cost $600 each, you save $900. Believe it or not, most big companies will need SSL security on up to 30 subdomains.

Manageability is another feature that people like in wildcard certificates. Most people will cringe at the thought of having to purchase, set up, and then renew annually several SSL certificates. It’s an especially daunting task to the person managing the SSL certificates and errors may easily abound. Fixing errors will cost you time, and with websites, downtime costs a lot of money. All that can't comapare to thinking about just a single wildcard certificate. It's a simpler task to manage just a single certificate. Chances of errors are easily reduced.

Wildcard Certificate Drawbacks

Unfortunately, wildcard certificates do have some drawbacks. The first is security. By using one wildcard certificate, all servers hosting all subdomains share the same private decryption key. If a hacker manages to get access to the decrypiton key, the hacker also gets the ability to crack all encryptions made by each other server

What if the wildcard certificate gets revoked? All subdomains that use the certificate will cease to function properly. Then you're basically shutting down your website until you either get the wildcard certificate working again, or you get certificates for every subdomain that needs SSL.

Extended Verification (EV) does not work with wildcard certificates. Certificate providers must follow the rules that EV sets forth when they approve applications. EV was invented to increase public confidence in SSL. EV guidelines unfortunately do not allow certificates with wildcards in the Common Name. Wildcard certificates do not give you the green address bar feature that most people look for. wildcard ssl certificate, wildcard ssl, wildcard ssl