FAQ Hero
Public Trust & Certificates

What is a Wildcard
SSL certificate?

What is a Wildcard SSL certificate?

A Wildcard SSL certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure a single domain and multiple subdomains.

For example, a Wildcard SSL certificate for *.example.com, could be used for www.example.com, mail.example.com, store.example.com, in addition to any other first-level subdomain name.

How does a Wildcard certificate work?

DigiCert Wildcard TLS/SSL certificates provide protection for unlimited first-level sub-domains of the domain name you specify in your certificate signing request (CSR).

With this certificate, as shown in the example, *.yourdomain.com, the asterisk (*) serves as the wildcard character that allows the certificate to take on any first-level subdomain name. It would not secure second-level and lower subdomains such as enterprise.sales.yourdomain.com.

What is the price of a Wildcard SSL certificate?

The price of a Wildcard SSL certificate is determined by the number of subdomains you secure and the number of years of coverage you select. With a DigiCert Wildcard SSL certificate you can secure up to 250 subdomains. Check the wildcard SSL certificate price here or by logging into your DigiCert CertCentral account.

What is the difference between a multi-domain SAN certificate and a Wildcard SAN certificate?

A multi-domain subject alternative name (SAN) certificate, also known as a multi-domain certificate, can support multiple domains and multiple host names with domains. 

Multi-domain SAN certificates are more flexible than Wildcard SAN certificates since they are not limited to a single domain. Combining the functionality of both allows you secure a much broader set of domains along with the capability to use them on any number of subdomains.

Currently, all DigiCert TLS/SSL certificates can be converted to a Wildcard SAN or a multi-domain SAN certificate. (Note: Only non-Wildcard names can be added as SAN.)

How do I add SAN?

SAN is an optional feature available during your Wildcard SSL/TLS purchase. You can add up to an additional 250 SANs to a single certificate.

Note: It is imperative that software documentation is referenced to ensure that the server on which the certificate will be installed supports wildcard certificates.   

When should I request a Wildcard SSL Certificate?

A Wildcard SSL/TLS certificate should be considered when you’re looking to secure a number of subdomains, such as secure.yourdomain.com, www.yourdomain.com, and mail.yourdomain.com with a single certificate.

The format of the common name entered for the Wildcard SSL/TLS Certificate will be *.yourdomain.com.

Do Wildcard SSL/TLS certificates work with all servers and browsers?

Wildcard SSL/TLS certificates work with most servers. If unsure, check with your server vendor for further assistance.

What if I have multiple servers?

A Wildcard TLS/SSL certificate secures all the subdomain names associated with a domain name on one server. If multiple servers are involved, the certificate and its corresponding private key would need to be used on the other servers.

Please Note: The use of one certificate on more than one device can result in increased security risks to networks. DigiCert expressly disclaims any liability for breaches of security that result from the distribution of a single private key across multiple devices.

Can I share the IP address with all the subdomain names?

Yes. As the same certificate will be used to secure all the subdomain names associated with a domain name, an IP address can be shared amongst all the subdomain names. By nature, the SSL/TLS protocol is IP based, but in this case, where the same certificate will be used by all subdomain names, a Wildcard certificate can be configured for use with name-based virtual hosts instead of IP-based virtual hosts.