A Primer On The PKI Wildcard Certificate By Comodo
This is a primer or a basic guide to the benefits and the use of a PKI Wildcard certificate. If you are new to working with SSL/TLS products and options, this is a great starting point to narrow down your options and to find the right option to match your website needs as well as your budget.
First, it is important to know you may see the term PKI or Public Key Infrastructure interchanged with SSL (Secure Sockets Layer) or the more recent version of SSL that is known as TLS (Transport Layer Security). These are the mechanisms and the protocols used to create the levels of online security that SSL/TLS products provide for domains and subdomains.
The PKI Advantage
SSL and TLS use Public Key Infrastructure. This is the use of the private and public key pairs to encrypt and decrypted information. Collectively, this is known as Public Key Cryptography and involves one key being public (for encryption on websites) and one key being kept private (for decryption a specific server or servers). Unless the two keys can "recognize" each other through a complex mathematical process, the data cannot be decrypted and stays secured even if intercepted or hacked.
In addition to the keys, there is also a digital certificate that is produced by a trusted third party. This is the Certificate Authority or CA. As the world's largest Trust Provider Comodo is recognized by 99.9% of browsers and devices as a trusted third party. In fact, our trusted root certificate is installed in these browser and device certificate stores, allowing our root certificate to verify your certificate is valid and trustworthy.
We earn that trust by providing very through checks or validations on the information provided in the application for all of our SSL/TLS products, including the PKI Wildcard certificate.
Single products to protect a domain, think of this as a website, can only be provided for one Fully Qualified Domain Name. The Fully Qualified Domain Name is the name typed into the URL to get to the website.
The CA verifies the domain is owned by the person or entity applying for the SSL certificate. As the name of the website has to match the cert if a business had a main domain site and also subdomain it would need one single certificate for each subdomain.
Not only would this be costly, but it would also make a lot of extra work to manage the certificates and to keep them valid and current. To get past this point, the CA is able to provide a PKI Wildcard certificate with a Wildcard symbol, represented by an asterisk (*), that can protect the main domain (the Fully Qualified Domain Name) and all subdomains.
For example, a main domain website may be www.yourbusiness.com. Under this main domain, you may have a subdomain of photos for the website photo gallery or perhaps a subdomain to handle mail or payments. These would look like:
The name of the subdomain replaces the more standard "www" subdomain designation.
By applying for the PKI Wildcard certificate and using the *.yourbusiness.com on the Certificate Signing Request, one certificate would cover all of these different options.
What cannot exist on any PKI Wildcard certificate is more than one wildcard position. In other words, you cannot be given a cert that has *.*.yourbusiness.com as the Fully Qualified Domain Name on the Certificate Signing Request.
There are several definite advantages to the PKI Wildcard certificate. We have already talked about the efficiency of the process as there is only one Certificate Signing Request and one install required.
Additionally, the certificate can be purchased for up to three years, further reducing time and effort spent on the management. Cost is also much lower with the Wildcard over single certs or even other combinations of products.
There are other options to consider as well that can be used to secure domains and subdomains. Just remember this option can only have one main domain but multiple subdomains on the single cert. To protect multiple domains and subdomains you may want to consider the UC certificate or the Multi-Domain certificate options.
For more information on the Wildcard cert and to discuss your specific needs and concerns for your website, give our sales staff a call today at +1 888 266 6361. They are also available through our online chat system at any page of the website through https://www.instantssl.com.