A Wildcard SSL Certificate For WWW And Beyond
Whether you call it a URL, a website name, a domain name or any other version, the information typed into the address bar of the browser will direct you to one specific site on the internet.
This is done through what is known as DNS or Domain Name System, and it is uniform for all websites across the world. While there are issues with IP addresses and other factors that come into play with Secure Sockets Layer or SSL/TLS technology, we are going to keep it simple and focus just on the actual information typed into the address bar.
What's in a Name?
The Fully Qualified Domain Name (FQDN) is mandatory to get where you want to go online. For example, if your website was www.mywebsite.com you have to type in the www, the name (mywebsite) and the extension of .com to get there. If you type in a different extension such as .net or .org, you will end up at a different site or a yet unclaimed website.
This is important because it is at the heart of how the Wildcard SSL certificate for www subdomains actually works. It helps to understand this naming policy and how the choice of where to use the wildcard in the certificate gives it a more complete or a more limited application to your site.
Although we read the URL from left to right, DNS reads the name in reverse. The last section (.com, .net, .org and so on) is considered the top-level domain or TLD. The middle section between the "dots" is the second-level domain or SLD.
The first section, the www in a Wildcard SSL certificate for www, actually forms the subdomain. In other words, www is a subdomain indicator. This is why you may see different areas on a website designated as mail, photos or payments. In these cases, the complete name would look like:
All of these are subdomains under the main domain that would start with the "www" for the respective websites.
If you were to create a Wildcard SSL certificate for www, then all that would be covered on the website would be the main domain. This is because the SSL certificate has to match the specific Fully Qualified Domain Name (FQDN) for all three sections.
This is required to ensure that an SSL/TLS product cannot be used on any other website. Without this feature, the trust associated with the use of these certificates would quickly be destroyed and would also continually put consumer information at risk of interception and attack.
So a Wildcard SSL certificate for www is not really a wildcard; it is just a basic SSL/TLS certificate at the domain or organization level of validation.
To work through this but still provide the highest possible levels of authentication and validation, it is possible to apply for a Wildcard SSL certificate for www (the main domain) and all subdomains by using the asterisk (*) in place of the www.
The asterisk is the wildcard or the placeholder for the names of all the subdomains that exist now and that will be created in the future. This is possible as the CA, the Certificate Authority, is able to verify the applicant matches with the information on record for the domain and that the business is authentic when selecting the organization level.
Since the main domain can be verified and validated, it is logical that the subdomains of that main domain are also authentic and used by those with the proper authority to do so. This is why the Wildcard SSL certificate for www also works for the subdomains.
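The matching rule described above, as an added example that is not code from the original page. It assumes RFC 6125-style matching, where the asterisk stands for exactly one left-most label, so the bare domain and deeper names such as a.mail.mywebsite.com need their own names on the certificate. The function names and sample hostnames are constructed for illustration.

```python
# Added example: hostnames are constructed around the article's
# placeholder domain mywebsite.com.

def matches(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname.

    Assumed rule (RFC 6125 style): '*' is honoured only as the whole
    left-most label and stands for exactly one label.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans dots, so the label counts must be equal.
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False
    first, rest = cert_labels[0], cert_labels[1:]
    # Everything right of the first label must match exactly (SLD and TLD).
    if any("*" in label for label in rest) or rest != host_labels[1:]:
        return False
    if first == "*":
        # Simplification: refuse names as broad as "*.com".
        return len(cert_labels) >= 3
    if "*" in first:
        return False  # partial wildcards such as "w*" are rejected here
    return first == host_labels[0]


def covered(cert_names, hostname: str) -> bool:
    """True if any name on the certificate covers the hostname."""
    return any(matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {host: covered(cert_names, host) for host in hostnames}


if __name__ == "__main__":
    hosts = ["www.mywebsite.com", "mail.mywebsite.com", "mywebsite.com",
             "a.mail.mywebsite.com", "www.mywebsite.net"]
    certs = (["www.mywebsite.com"], ["*.mywebsite.com"],
             ["*.mywebsite.com", "mywebsite.com"])
    for names in certs:
        print(names)
        for host, ok in coverage_report(names, hosts).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

The third certificate in the demo lists the bare domain as a second name next to the wildcard, which is how the apex gets covered under this rule.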
This is also the reason why it is not possible to have an EV or extended validation on a Wildcard certificate. This highest level of security requires the CA validate more information about the business and compare it to one unique FQDN. It would be impossible to use the wildcard as this would not give this level of validation and security.
We recognize that the SSL/TLS products can be complicated and it may be possible that a Multi-Domain (SAN) or even a UC certificate may be a better match for some websites. To find out which options are the best to consider, or to discuss the pros and cons of different products, get in touch with our staff today.
You can reach us by phone at +1 888 266 6361, or you can chat with us online through the website. We are easy to find at https://www.instantssl.com. You can also drop us an email if that is easier; we will make sure the information you need is available.