The function of a Wildcard SSL product is to provide a secure website data transmission between the browser and the server for the main or root domain as well as the subdomains.
In order to understand how this can occur, it is essential to look a bit closer at the protocols behind secure sockets layer or SSL. If you are new to IT or working on a website as a project of your own, it will also be helpful to know that you may see this written as SSL/TLS or simply TLS, although this is less common.
Both refer to the same encryption and decryption as well as authentication of information between the client (browser or device) and the server. Once you understand how the root domain or main domain connects, you will be able to see how the subdomains can use this same protocol.
The CSR
To obtain a certificate from a Certificate Authority, you will first need to generate a Certificate Signing Request or CSR on your server.
If you are applying for a Wildcard or a standard SSL certificate, this can be done on any server in the system. You will then be able to export and import and share this cert and the private key with other servers on your network. For the CSR you only need to use one server.
When you apply for a Wildcard SSL certificate on the CSR instead of entering the Fully Qualified Domain Name, which will look something like www.mycompany.com, you will not enter the www. If you did enter the www you would only provide protection to the main domain or the root domain.
This is because the certificate has to match the name showing in the URL or the FQDN for that particular part of the website. If you had a subdomain for uploaded photos to your site that was under the subdomain photos.mycompany.com it would not be protected with an SSL certificate for the root domain of www.mycompany.com because of the mismatch between "www" and "photos" at that first position in the FQDN.
In order to provide a Wildcard SSL certificate for root domain and subdomains, you need to need to use a placeholder or a wildcard in the first position of the domain name. The wildcard symbol is universally recognized as the asterisk (*) by all Certificate Authorities.
The example above would, therefore, look like *.mycompany.com. This provides protection for any subdomain name that can be used in place of the (*). This Wildcard SSL Certificate for root domain and subdomains would provide security for:
- a.mycompany.com
- photos.mycompany.com
- www.mycompany.com
- payments.mycompany.com
Most Certificate Authorities offering a Wildcard SSL certificate for root domain and subdomains will offer up to a set number of subdomains. Some are as low as 25, while we allow you to secure any number of subdomains and the main domain. We also do not charge more for additional licenses and you can install it on unlimited physical servers.
Cautions
What a Wildcard SSL certificate for root domain and subdomains cannot do is also secure second-level subdomains on the same certificate. For example, the *.mycompany.com will secure photos.mycompany.com but it would not be able to ensure dogs.photos.mycompany.com as the "dogs" second level domain is an additional part of the FQDN not included on the CSR.
It is also not possible to have two wildcard symbols on a certificate or a CSR. In other words, you could not try to address the issue above by producing a CSR that looked like *.*. mycompany.com to work around the second-level subdomain issue.
There are different options to consider when you have a more complicated structure to your website. One option is to create subfolders in subdomains, which virtually eliminates this issue. Depending on the size of your website and the traffic you need to direct specifically to those second-level subdomain pages this may or may not be a possibility to consider.
If you are looking for a Wildcard SSL Certificate for root domain and subdomains, take a closer look at our product. We offer free PCI and web vulnerability scanning for a year as well as up to 256 bit encryption, 2048 bit keys and it is recognized by 99.9% of browsers and devices.
Give us a call if you want to talk in person at +1 888 266 6361. Our staff is here to help you to get the right products for your budget and your website security needs.