With the prevalence of data breaches and other forms of cybercrime, regular Internet users are taught to look for “HTTPS” instead of “HTTP” in the domains of the websites they visit. A lock symbol often comes with this, indicating that the connection between the user’s browser and the website’s server is encrypted.

HTTPS stands for “HyperText Transfer Protocol Secure,” which means the website’s traffic is encrypted by Secure Socket Layer (SSL). While 80% of the sites today have SSL certificates, website owners and administrators find that securing SSL certificates could be expensive, especially if they have multiple subdomains. In this case, some site owners choose to secure their domain and its subdomains with a wildcard SSL certificate.

What Is a Wildcard SSL Certificate?

A wildcard SSL certificate issued to a domain covers an unlimited number of its subdomains. For example, the website owner of example[.]com doesn’t need to obtain different certificates for these commonly used subdomains:

  • shop[.]example[.]com
  • blog[.]example[.]com
  • mail[.]example[.]com
  • login[.]example[.]com
  • products[.]example[.]com

Some websites may even have more subdomains, depending on their business needs. To put things into perspective, take note that most domain name registrars allow up to 500 subdomains for every domain. Without a wildcard SSL certificate, site administrators would need to secure, renew, and manage individual SSL certificates for every subdomain they maintain.

How Do Wildcard SSL Certificates Work?

A website’s common or base name is indicated on its SSL certificate. The base name refers to the site’s hostname or domain name, such as example[.]com. In wildcard SSL certificates, this common name remains the same, but its subdomains are also accommodated.

A wildcard SSL certificate may only apply to one subdomain level. That means the wildcard SSL certificate for the third-level subdomains and fourth-level domain names (and above), such as login[.]shop[.]example[.]com and www[.]login[.]myportal[.]example[.]com will not work for *.example.com.

To understand it better, the image below details the domain name levels, starting with the top-level domain (TLD) on the right to the third and fourth subdomain levels. Note that subdomains may reach more than four levels, depending on its owner’s need.

domain name levels

Most providers would require you to indicate the subdomain level with an asterisk when getting a wildcard certificate. For instance, to get an SSL certificate for the first-level subdomains of the domain example[.]com, you may indicate the following:

 Wildcard SSL Certificate example

Prices usually start at around $34 per year.

What Is the Difference between an SSL Certificate and a Wildcard SSL Certificate?

Wildcard SSL certificates comprise a subset of SSL certificates. The main difference between the two is the certificate’s security coverage. An SSL certificate could mean that only the domain name (e.g., example[.]com) could be secured. On the other hand, with a wildcard SSL certificate, the domain and its specific subdomains are covered by the certificate.

Therefore, instead of securing separate SSL certificates for each subdomain, website administrators can obtain a single wildcard SSL certificate for the domain and all its subdomains.

For businesses that don’t have subdomains, a regular SSL certificate would do. But if multiple subdomains are involved, a wildcard certificate could be a more cost-effective option.

How Much Does Obtaining a Wildcard SSL Certificate Cost?

Wildcard SSL certificates can cost much, although there are cheaper ones available. The price would ultimately depend on its coverage, encryption type used, device and browser compatibility, warranty, and other features.

Among the most important considerations when getting a wildcard SSL certificate is coverage. Some wildcard SSL certificates only provide licenses for a single server, while others cover multiple servers. As such, your business needs would dictate which type of certificate is best for you.

With all the cybercrime occurring around us, using SSL certificates has become a norm. In fact, it’s been more than five years since Google encouraged website owners to secure their websites with SSL certificates. Not doing so would prompt Chrome to display a red “x” mark over a padlock icon, which could make visitors shy away from the website.

With or without encouragement, website owners are responsible for keeping their visitors’ data safe. Therefore, it’s essential to secure the traffic between the visitor’s browser and the website server using the latest encryption standard and SSL certificates. Most businesses find that they can strike a balance between providing security and keeping their overhead costs low with wildcard SSL certificates.