Considerations To Keep In Mind When Using A Wildcard SSL Certificate
One of the most important factors to consider when choosing an SSL/TLS product is that there are different options that are effective for different types of website needs. The SSL or Secure Sockets Layer technology, more correctly now known as TLS or Transport Layer Security is the same, it is the type of protection the SSL certificate offers that will differ.
For example, the basic Comodo SSL is our least costly certificate option. This uses the same 2048 bit RSA key and the up to 256 bit encryption of all of our other products, but it is only designed to secure a single main domain or a single subdomain.
This is a perfect option for a smaller website, a blog or an information site that isn't an ecommerce site. However, once the site starts to become more complicated it often makes sense to create subdomains. These subdomains, with the Comodo SSL, would each need to be separately secured, which would soon become cost prohibitive. It would also create challenges for generating the Certificate Signing Request, installing the certificate and completing renewals.
The Answer to the Problem
To address this, we recommend using a Wildcard SSL certificate. This allows one certificate to be used to cover a main domain and all the subdomains, at least if you choose the Comodo product. Some of our competitors do limit the number of subdomains and even the number of servers you can install the certificate on, but we don't do that.
This means that the price you see on our website for using a Wildcard SSL certificate for one, two or three years is all that you will pay. There are no additional licenses required to install the certificate on any other servers in your network. We really do mean unlimited physical servers and our customer support and tech services team is here if you require any assistance with the installation process.
What it Covers
Even with some IT professionals, there can be some confusion over what using a Wildcard SSL certificate actually provides coverage for. It can be designed to provide unlimited coverage of the main domain, which is the main website Fully Qualified Domain Name. This may also be known as the Common Name.
It will also cover anything that is a single level subdomain if the Certificate Signing Request is generated using the *.mycompany.com format. In this scenario, the "mycompany" would be your domain name. The last part of the URL, the .com is really the top-level domain name. This is sometimes known as an extension and can include any recognized extension including .org, .net, .edu or any other recognized option.
When using a using a Wildcard SSL certificate you can also secure a second level subdomain. This would look like *.subdomain.domain.com. This format would cover any second-level subdomains with the subdomain, the domain and the extension matching the certificate.
You cannot create this type of a certificate with two wildcard or placeholder options. For example, to combine the subdomain coverage and the second level subdomain coverage in the examples above you could not submit a Certificate Signing Request that looked like *.*.domain.com.
When using a Wildcard SSL certificate, there are no more security issues for the website or the server(s) than with any other SSL/TLS products. The one issue to always remember is that the private key has to be in a secure file on the server.
The more installations that are completed manually and the more people that are in involved in the IT team, the greater the risk of potential issues with the private key. Once the private key becomes available to someone else with access to the system they can use it to create fraudulent websites that follow the Wildcard certificate format and potentially create a security breach across your entire series of servers.
In the past, there was a problem with using a Wildcard SSL certificate on mobile devices. This has been resolved with top security providers such as Comodo now having our root certificates embedded with devices. This allows those devices to recognize our wildcard products without any warnings or security messages.
For more information on working with the SSL/TLS products or if you need help with a purchase, see us online at https://www.instantssl.com. Feel free to also give us a call if you want to talk in person; you can reach use at +1 888 266 6361.