Using The Wildcard SSL Certificate With Root Domain And Subdomains

The function of a Wildcard SSL product is to secure data transmission between the browser and the server for the main or root domain as well as the subdomains.

To understand how this works, it helps to look a bit closer at the protocols behind Secure Sockets Layer, or SSL. If you are new to IT or working on a website as a project of your own, it will also be helpful to know that you may see this written as SSL/TLS or simply TLS, although this is less common.

Both refer to the same encryption and decryption as well as authentication of information between the client (browser or device) and the server. Once you understand how the root domain or main domain connects, you will be able to see how the subdomains can use this same protocol.

The CSR

To obtain a certificate from a Certificate Authority (Comodo is the most commonly used in the world), you will first need to generate a Certificate Signing Request or CSR on your server.

If you are applying for a Wildcard or a standard SSL certificate from Comodo, this can be done on any server in the system. You will then be able to export the certificate and the private key and import them on other servers on your network. For the CSR you only need to use one server.

When you apply for a Wildcard SSL certificate, you do not enter the Fully Qualified Domain Name (FQDN), which will look something like www.mycompany.com, on the CSR; that is, you will not enter the www. If you did enter the www, you would only provide protection to the main domain or the root domain.

This is because the certificate has to match the name showing in the URL, or the FQDN, for that particular part of the website. If your site had a subdomain for uploaded photos at photos.mycompany.com, it would not be protected by an SSL certificate for the root domain of www.mycompany.com because of the mismatch between "www" and "photos" at that first position in the FQDN.

To provide a Wildcard SSL certificate for root domain and subdomains, you need to use a placeholder, or wildcard, in the first position of the domain name. The wildcard symbol is universally recognized as the asterisk (*) by all Certificate Authorities.

The example above would, therefore, look like *.mycompany.com. This provides protection for any subdomain name that can be used in place of the (*). This Wildcard SSL certificate for root domain and subdomains would provide security for:

  • a.mycompany.com
  • photos.mycompany.com
  • www.mycompany.com
  • payments.mycompany.com

Most Certificate Authorities offering a Wildcard SSL certificate for root domain and subdomains will offer up to a set number of subdomains. Some are as low as 25, while Comodo allows you to secure any number of subdomains and the main domain. We also do not charge more for additional licenses and you can install it on unlimited physical servers.

Cautions

What a Wildcard SSL certificate for root domain and subdomains cannot do is also secure second-level subdomains on the same certificate. For example, *.mycompany.com will secure photos.mycompany.com, but it would not be able to secure dogs.photos.mycompany.com, as the "dogs" second-level domain is an additional part of the FQDN not included on the CSR.

It is also not possible to have two wildcard symbols on a certificate or a CSR. In other words, you could not try to address the issue above by producing a CSR that looked like *.*.mycompany.com to work around the second-level subdomain issue.
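The matching rule described above can be written out as a short Python check. This is an added example, not code from Comodo or the original page; the function names are hypothetical, and it assumes the asterisk must be the entire first label of the certificate name.

```python
def split_labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def is_valid_pattern(pattern):
    """A certificate name may carry one asterisk, and only as the whole first label."""
    labels = split_labels(pattern)
    if "" in labels:
        return False
    first, rest = labels[0], labels[1:]
    if any("*" in label for label in rest):
        return False  # rejects *.*.mycompany.com
    return first == "*" or "*" not in first


def covers(pattern, hostname):
    """Return True if the certificate name `pattern` matches `hostname`."""
    if not is_valid_pattern(pattern):
        return False
    p, h = split_labels(pattern), split_labels(hostname)
    # The asterisk stands for exactly one label, so both names must have
    # the same number of labels. dogs.photos.mycompany.com has one too many;
    # the bare name mycompany.com has one too few.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def coverage(pattern, hostnames):
    """Map each hostname to whether `pattern` covers it."""
    return {name: covers(pattern, name) for name in hostnames}


if __name__ == "__main__":
    # Constructed sample names based on the article's examples.
    names = [
        "a.mycompany.com",
        "photos.mycompany.com",
        "www.mycompany.com",
        "payments.mycompany.com",
        "dogs.photos.mycompany.com",
    ]
    for name, ok in coverage("*.mycompany.com", names).items():
        print(f"{name:30} {'covered' if ok else 'NOT covered'}")
```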

There are different options to consider when you have a more complicated structure to your website. One option is to create subfolders in subdomains, which virtually eliminates this issue. Depending on the size of your website and the traffic you need to direct specifically to those second-level subdomain pages this may or may not be a possibility to consider.

If you are looking for a Wildcard SSL certificate for root domain and subdomains, take a closer look at the Comodo product. We offer free PCI and web vulnerability scanning for a year as well as up to 256-bit encryption and 2048-bit keys, and it is recognized by 99.9% of browsers and devices.

To learn more see us online at https://www.instantssl.com, or give us a call if you want to talk in person at +1 888 266 6361. Our staff is here to help you to get the right products for your budget and your website security needs.
