The Problems With A Wildcard SSL Certificate For Extended Validation

When it comes to providing a level of trust and assurance for customers using your website, we understand that you want to be able to provide the highest possible level. This is true for sites running on a single main domain with subfolders, and it is also true for a website using a main domain with subdomains.

Many IT professionals and website developers prefer the highly recognized EV SSL. This stands for Extended Validation Secure Sockets Layer. This provides the full green address bar, the green padlock and the green alternating company and Certificate Authority name. Highly visible and easy to recognize, it is the perfect option when consumer and user security for transmitting data is a critical factor.

An EV SSL certificate can only be granted for a single website or through our Multi-Domain EV product. This means that for a main domain using subfolders instead of subdomains, the EV SSL is a very good option. The problem arises when subdomains are added instead of subfolders.

The Central Issue

The biggest issue that prohibits a Wildcard SSL certificate with extended validation is the specific validation process that is used with these types of products. Because the founder of Comodo, Melih Abdulhayoglu, was instrumental in developing the protocols around extended validation SSL/TLS certificates, we know the importance of this rigorous validation process. This was completed through the CAB Forum, a voluntary group of Certificate Authorities and browser developers wanting a consistently high-level validation option.

The Comodo EV SSL validation process is provided in writing through our WebTrust logos at the bottom of all of our webpages. This meets all of the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria. We submit to an independent audit to ensure we follow all of the written policies with every extended validation we provide.

To complete the extended validation process, we have to verify the applicant's legal status, typically through private organizations or government websites that are considered trusted sources. We also check the organization (business) for any flagged behavior including on an anti-phishing network as well as other types of exclusionary lists.

The physical address of the business is verified, often through an independent database. This is coupled with proof of operational existence and all the steps we take to prove that the applicant, or an agent working on behalf of the applicant, is making the application.

This has to be completed for every Fully Qualified Domain Name supplied with the Certificate Signing Request. This does take time and sometimes we may also require letters of verification if specific information cannot be found or confirmed through online databases and trusted sources. As we provide trust products for companies around the world, there can be a difference in how accessible the information may be based on the physical location of the applicant and the business.

The Wildcard Problem

The reason that a Wildcard SSL certificate with extended validation is not possible is the actual wildcard component. With the extended validation protocol, the information on the Certificate Signing Request, including the Fully Qualified Domain Name, must match all databases and resources we use to verify it.

With the wildcard products, there is always the wildcard component: the asterisk (*) used as a placeholder for the subdomain. This means that the Fully Qualified Domain Name is not listed on the Certificate Signing Request and could not be listed on the certificate.

The risk of the fraudulent use of a Wildcard SSL certificate with extended validation is simply too great as it would not have the same validation process as all other EV SSL products. The result would be an overall decrease in consumer and user confidence in all EV SSL products, which is counterproductive to the needs of the IT and ecommerce community.
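The following pre-submission check is an added example, not Comodo's code: it rejects wildcard entries in a list of requested names and replaces each with the explicit host names it would have covered, so that every Fully Qualified Domain Name can be listed and validated, for instance on a multi-domain request. The function names, the `inventory` list of hosts you actually run, and the sample data are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True if name is a fully spelled-out host name with no wildcard."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def wildcard_covers(pattern, host):
    """Certificate wildcard matching: '*' stands for exactly one leftmost label."""
    if not pattern.startswith("*."):
        return pattern.lower() == host.lower()
    suffix = pattern[2:].lower()
    head, _, tail = host.lower().partition(".")
    return bool(head) and tail == suffix

def plan_ev_request(requested, inventory):
    """Split requested names into EV-eligible FQDNs and rejected entries.

    Wildcard entries are rejected and replaced by the inventory hosts they
    would have covered, so each one can be validated by name.
    """
    names, rejected = [], []
    for entry in requested:
        if "*" in entry:
            rejected.append(entry)
            names += [h for h in inventory if wildcard_covers(entry, h)]
        elif is_fqdn(entry):
            names.append(entry)
        else:
            rejected.append(entry)
    # De-duplicate while preserving order; drop anything that is not a valid FQDN.
    return list(dict.fromkeys(n.lower() for n in names if is_fqdn(n))), rejected

if __name__ == "__main__":
    # Constructed sample data (hypothetical hosts).
    requested = ["example.com", "*.example.com"]
    inventory = ["shop.example.com", "login.example.com", "a.b.example.com", "example.com"]
    print(plan_ev_request(requested, inventory))
```

Note that `a.b.example.com` is not picked up by `*.example.com`, because a certificate wildcard stands for a single label only; such hosts have to be requested by name in any case.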

If you do think the Wildcard SSL certificate with extended validation is the best option for your website, we do have potential solutions to help. We can offer discounts on bulk requirements for EV SSL that can bridge the gap and provide the level of security you want with a great price. We also offer our Multi-Domain EV product that is a top option.

To discuss your EV SSL or Wildcard SSL needs, we are here to answer your questions. Our experienced sales staff can assist in finding the products that will meet your need for customer trust and assurance while also working within your existing budget.

To get in touch, chat with us online or give us a call at +1 888 266 6361. We can answer your questions and provide you with the ideas and suggestions to ensure you get the right product.
