Wildcard certificate


In computer networking, a wildcard certificate is a public key certificate which can be used with multiple sub-domains of a domain. The principal use is for securing web sites with HTTPS, but there are also applications in many other fields. Compared with conventional certificates, a wildcard certificate can be cheaper and more convenient than a separate certificate for each sub-domain. Multi-domain wildcard certificates further reduce complexity and cost by securing multiple domains and their sub-domains.

Example

A single wildcard certificate for will secure all these subdomains on the domain:
Instead of getting separate certificates for subdomains, you can use a single certificate for all main domains and subdomains and reduce cost.
Because the wildcard only covers one level of subdomains, these domains would not be valid for the certificate:
The "naked" domain is valid when added separately as a Subject Alternative Name:
Note that some CAs make exceptions; for example, the wildcard-plus certificate from DigiCert automatically covers the naked domain through its "Plus" property.

Type of wildcard certificates

Wildcard certificates are categorized by validation level, by the number of domains and by the number of servers they can be used with. By validation level they are named domain validation wildcard certificates, organisation validation wildcard certificates and extended validation wildcard certificates. The names multi-domain wildcard certificate and multi-server wildcard certificate are given according to the number of domains and the number of servers. All types of wildcard certificates signed by popular CAs are categorized and listed on the internet. There are therefore types of wildcard certificate that can secure multiple domains, multiple servers and provide different levels of validation.

Limitations

Only a single level of subdomain matching is supported in accordance with.
It is not possible to get a wildcard for an Extended Validation Certificate. A workaround could be to add every virtual host name in the Subject Alternative Name extension, the major problem being that the certificate needs to be reissued whenever a new virtual server is added.
Wildcards can be added as domains in multi-domain certificates or Unified Communications Certificates. In addition, wildcards themselves can have extensions, including other wildcards. For example, the wildcard certificate has as a Subject Alternative Name. Thus it secures as well as the completely different website name.
argues against wildcard certificates on security grounds.

Examples

The wildcard applies only to one level of the domain name.
The wildcard may appear anywhere inside a label.
Do not allow a label that consists entirely of just a wildcard unless it is the left-most label.
A cert with multiple wildcards in a name is not allowed.
A cert with plus a top-level domain is not allowed.
Too general and should not be allowed.
International domain names encoded in ASCII are labels that are ASCII-encoded and begin with.
Do not allow wildcards in an international label.
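The matching rules listed above, as an added Python example that is not part of the original article. It takes the conservative reading that the single `*` must sit in the left-most label (whole or partial), must match exactly one level, and must never stand in for an IDNA (`xn--`) label; the hostnames are constructed for the demonstration.

```python
import re

# An ordinary DNS label: 1-63 letters, digits or hyphens, not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def split_labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot and split it into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_pattern_is_acceptable(pattern: str) -> bool:
    """Check a dNSName/CN pattern containing '*' against the rules above."""
    labels = split_labels(pattern)
    if pattern.count("*") != 1:
        return False            # no wildcard at all, or more than one wildcard
    if "*" not in labels[0]:
        return False            # the wildcard may only be in the left-most label
    if len(labels) < 3:
        return False            # "*" or "*.com": wildcard plus a TLD is too general
    if labels[0].startswith("xn--"):
        return False            # no wildcards in an internationalized (A-label) label
    if not all(LABEL_RE.match(label) for label in labels[1:]):
        return False            # the remaining labels must be ordinary DNS labels
    return True


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if hostname is covered by pattern (exact name or wildcard)."""
    host = split_labels(hostname)
    if "*" not in pattern:
        return split_labels(pattern) == host      # plain name: exact, case-insensitive
    if not wildcard_pattern_is_acceptable(pattern):
        return False                              # malformed wildcard never matches
    pat = split_labels(pattern)
    # One level only: label counts must agree and every label right of the
    # wildcard must match exactly, so a.b.example.com is outside *.example.com.
    if len(pat) != len(host) or pat[1:] != host[1:]:
        return False
    if host[0].startswith("xn--"):
        return False                              # '*' must not stand in for an IDNA label
    # Within the left-most label, '*' matches one or more ordinary label characters,
    # so f*.example.com covers foo.example.com but not bar.example.com.
    prefix, suffix = pat[0].split("*")
    regex = re.escape(prefix) + r"[a-z0-9-]+" + re.escape(suffix) + "$"
    return bool(LABEL_RE.match(host[0])) and re.match(regex, host[0]) is not None
```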

Relevant RFCs