What Is a Wildcard Certificate and How Does It Work?

Promoting flexibility and versatility, wildcard certificates provide a valuable option to help your business reduce costs, deliver efficient encryption, and promote scalability. This article explains what a wildcard certificate is, how it works, and the benefits and potential security risks of using this type of SSL certificate.

Written by Avast Business Team
Published on May 18, 2022

What is a wildcard certificate?

A wildcard SSL certificate is a single SSL/TLS certificate that can provide significant time and cost savings, particularly for small businesses. The certificate includes a wildcard character (*) in the domain name field, and can secure multiple subdomains of the primary domain.

    How do wildcard certificates work?

    Instead of having multiple certificates for securing the internet traffic for your business, a wildcard SSL certificate covers all subdomain names. For example, the single wildcard certificate for “*.google.com” can be used to secure “www.google.com,” “mail.google.com,” and “calendar.google.com.”
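
How a client decides which hostnames a wildcard name covers, as an added example (not code from the original article). It goes beyond the text by applying the matching rule TLS clients commonly follow, where `*` stands for exactly one leftmost label, so the bare domain and deeper subdomains are not covered; the `example.com` names and the function names are constructed for illustration.

```python
# Added example: which hostnames does a certificate name list cover?
# All hostnames are constructed sample values.

def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False            # "*" never absorbs extra labels or an empty one
    if p[0] == "*":
        if len(p) < 3:
            return False        # simplified guard against names such as "*.com";
                                # it does not consult the public suffix list
        return p[1:] == h[1:]   # "*" replaces exactly one leftmost label
    if "*" in pattern:
        return False            # "*" in any other position, or partial ("w*"),
                                # is not honoured in this sketch
    return p == h


def covered(cert_names: list, hostname: str) -> bool:
    """A certificate covers hostname if any of its listed names matches."""
    return any(name_matches(n, hostname) for n in cert_names)


if __name__ == "__main__":
    wildcard_only = ["*.example.com"]
    # A multi-name certificate that lists the bare domain and a second domain.
    multi_name = ["*.example.com", "example.com", "mail.example.co.uk"]
    for host in ["mail.example.com", "example.com", "dev.mail.example.com",
                 "mail.example.co.uk"]:
        print(f"{host:24} wildcard_only={covered(wildcard_only, host)!s:5} "
              f"multi_name={covered(multi_name, host)}")
```

The second list shows why certificates for a wildcard usually also name the bare domain explicitly: `*.example.com` on its own does not match `example.com`.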

    Wildcard certificates fall under two main categories:

    • Domain-validated (DV) certificates can be delivered quickly following purchase, but you must prove that you own the domain.

    • Organization-validated (OV) certificates can only be used by registered businesses, and your company information will be placed in the certificate. However, you must go through a review process for approval.

    A wildcard SSL certificate has a single private key associated with it, which is shared across all subdomains. The private key is generated when a certificate signing request (CSR) is made during the creation of the certificate. If multiple servers are used, you will be required to copy the private key onto each server at the time the certificate is installed.

    What is the difference between an SSL and a wildcard SSL?

    Both standard and wildcard certificates deliver significant encryption capabilities. However, while a standard certificate applies to a single domain or subdomain, wildcard certificates cover a multitude of subdomains (the initial part of the URL prior to the domain name), such as:

    • mail.website.com

    • login.website.com.

    The most comparable certificate to a wildcard certificate is known as a Subject Alternative Name (SAN) certificate or Unified Communication Certificate (UCC). In comparison with the wildcard certificate, which covers only subdomains in unlimited numbers, the UCC/SAN certificate provides the ability to protect up to 250 domains and subdomains in one SSL certificate (e.g., mail.google.com and mail.google.co.uk).

    A restriction of these certificates is that you have to list all domains/subdomains upon purchasing the certificate. However, you can amend these at any stage with a wildcard.

    Wildcard SSL pros

    Providing ease of securing multiple subdomains, wildcard SSL certificates deliver increased productivity and efficiency to businesses. For example, wildcards offer the flexibility to add subdomains as required, minimizing time spent on administration and allowing you to develop a more agile IT strategy.

    Wildcard SSLs are also more cost effective than purchasing separate certificates for each subdomain. Instead, a single certificate can be used for an unlimited number of subdomains.

    Another advantage to wildcard certificates is that they can be used on multiple servers. For example, if you plan to keep your email subdomain on one server and your main public-facing website on another server, it is possible to do so using the same wildcard SSL.

    Wildcard SSL cons

    There are few disadvantages to utilizing a wildcard certificate, but the main downside is security. While SSL certificates offer a high level of encryption (securing websites using HTTPS), a single certificate means that there is a single point of entry for multiple subdomains. This could open up risks to spoofing attacks, with hackers accessing confidential data, spreading harmful malware, or manipulating existing operations.

    Server security should be a key consideration when choosing certificates. If multiple servers are used, this can place further pressures on existing security practices. Installing the certificate requires copying a certificate file to the server, and then copying the private key from the primary server to all other servers. Because this involves the physical movement of extremely delicate and valuable information, it opens other avenues for attack — security around connections to the server, as well as working practices of server maintenance and permitted access are placed under more pressure.

    The more people involved — from the individual managing the domain (Head of IT), to the registrar (organization) — the more risk there is of attack. If the private key is compromised, all subdomains using the wildcard will also be compromised as the certificate could be installed on other servers outside of the organization.

    Lastly, wildcard certificates cannot be utilized at all validation levels. While they are freely used at domain validation (DV) and organization validation (OV) levels, they cannot be used for extended validation (EV). In this case, it will be beneficial to deploy single certificates or multi-domain certificates.

    Improve your security with Avast Business

    Providing enterprise-grade security through easy-to-deploy cloud security solutions, Avast Business products offer maximum protection for your business and customers. We deliver streamlined security solutions using cloud-based machine-learning, as well as endpoint protection and network security managed from one integrated platform.
