Multi-Domain Wildcard SSL Certificate

A multi-domain wildcard SSL certificate is a special type of SSL certificate that secures multiple base domain names and the subdomains under each of them using a single certificate. It allows users to secure unlimited subdomains with a single certificate.

What is a Multi-Domain Wildcard SSL Certificate?

A Multi-Domain (SAN) Wildcard SSL certificate is an efficient SSL certificate that provides security to multiple domain names including their subdomains under a single certificate. It allows securing unlimited subdomains of different domain names simultaneously.

SAN Wildcard SSL certificate offers a cost-effective solution for large businesses and enterprises that want to secure two or more domain names including their subdomains from a single trusted provider. With a Multi-Domain Wildcard SSL, organizations can add up to 250 extra wildcard domain names during the validity of the certificate.

It simplifies SSL management and saves the hassle of purchasing separate certificates for each domain name. Another key advantage is that it provides the same strong encryption to all the domains and their subdomains covered under the certificate.

How Does a Multi-Domain Wildcard SSL Certificate Work?

A regular wildcard SSL certificate secures only a single domain name and its subdomains. For example, a wildcard certificate issued for *.example.com will secure subdomain.example.com, test.example.com, etc.

A multi-domain wildcard SSL certificate builds on this by allowing you to add multiple domain names to a single wildcard certificate. For example, a multi-domain wildcard certificate issued for *.example.com and *.example.net will secure:

  • subdomain.example.com
  • test.example.com
  • subdomain.example.net
  • test.example.net

and any other subdomains under example.com and example.net.

The multi-domain wildcard works by including Subject Alternative Name (SAN) entries for each domain name in the certificate. The certificate will contain a wildcard entry like *.example.com as well as additional SAN entries such as example.net.

This allows it to secure multiple main domains and all their subdomains with a single certificate.
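
The matching rule behind these SAN entries, as an added example that is not code from the original page: a wildcard entry stands for exactly one left-most DNS label, so *.example.com covers test.example.com but not the bare example.com or a.b.example.com unless those names are listed as their own SAN entries. The function names are hypothetical and the SAN list is constructed from the page's example names.

```shell
#!/bin/sh
# Added example: decide whether a certificate's SAN list covers a hostname.
# Handles exact names and full left-most-label wildcards ("*.example.com").

san_matches() {  # $1 = SAN dNSName entry, $2 = hostname being checked
  san=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case $san in
    '*.'*)
      base=${san#'*.'}
      case $host in
        *".$base") label=${host%".$base"} ;;
        *) return 1 ;;
      esac
      case $label in
        ''|*.*) return 1 ;;   # empty label, or more than one label deep
      esac
      return 0 ;;
    *) [ "$san" = "$host" ] ;;   # non-wildcard entries must match exactly
  esac
}

cert_covers() {  # $1 = hostname, remaining args = SAN entries of the certificate
  cc_host=$1; shift
  for cc_san in "$@"; do
    san_matches "$cc_san" "$cc_host" && return 0
  done
  return 1
}

# Constructed SAN list: the two wildcard entries from the page's example.
for h in test.example.com subdomain.example.net example.com a.b.example.com example.org; do
  if cert_covers "$h" '*.example.com' '*.example.net'; then
    echo "covered      $h"
  else
    echo "NOT covered  $h"
  fi
done
```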

Benefits of Multi-Domain Wildcard SSL Certificates

Here are some of the benefits of using a multi-domain wildcard SSL certificate:

Convenience

Rather than needing separate certificates for each subdomain, a single wildcard certificate secures unlimited subdomains all at once. This saves the hassle of purchasing, installing and managing multiple individual certificates.

Cost Effectiveness

Wildcard certificates offer significant long-term savings compared to purchasing individual certificates. While the upfront cost may be slightly higher, it pays off over time as more subdomains are added.

Futureproofing

As your site grows and new subdomains are created, they are automatically secured without any additional certificates required. The wildcard futureproofs your SSL setup.

Simplified Management

Just one certificate needs to be installed and renewed rather than tracking multiple expiration dates. Wildcard certificates streamline ongoing management.

Enhanced Security Posture

Having HTTPS enabled across all subdomains establishes trust and reassures visitors that your entire domain is secure. It prevents any non-HTTPS pages from creating mixed content warnings.

Search Engine Optimization

Google and other search engines consider HTTPS security and performance factors when ranking sites. Wildcard certificates help optimize how your entire domain performs in search results.

A well-implemented wildcard SSL certificate provides powerful benefits for modern websites with multiple subdomains. The upfront investment easily pays off through long-term cost savings, simplification and security posture improvements.

How to Install a Multi-Domain Wildcard Certificate

Installing a wildcard SSL certificate requires a few simple steps and takes just a few minutes on most web servers. The process varies slightly depending on the specific server software, but generally follows these basic steps:

Purchase a Multi-Domain Wildcard SSL Certificate

The certificate is obtained through a trusted certificate authority (CA) like DigiCert, GeoTrust or GlobalSign. The CA will provide instructions for the certificate signing request (CSR) and for installation.

Generate a Certificate Signing Request (CSR)

Use your server’s CSR generation tool (e.g. openssl req on Linux) to create a CSR with the domain name “*.example.com”. Submit this to the CA.

Receive the Signed Certificate

The CA will verify your domain ownership and sign the certificate. They will email you the signed certificate file (.crt or .cer) and any necessary intermediate certificates.

Transfer Files to Server

Use SFTP or your server’s FTP client to upload the signed certificate file and any intermediate certificates provided by the CA.

Install the Certificate in your Server

Configure your server to use the certificate by pasting it into the server’s certificate interface/panel or copying it to the appropriate directory location.

Configure HTTPS Redirects

Edit server configurations to redirect all HTTP traffic to HTTPS using the new certificate. Verify the certificate is functioning properly.

Renew as Needed

Most wildcard certificates are valid for 1-2 years. Plan to renew the certificate ahead of its expiration date following the CA’s renewal process.

With the certificate installed, all existing and future subdomains on that domain will have HTTPS encryption automatically enabled without additional configuration required.
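
One way to carry out the CSR step for a certificate that covers more than one wildcard name, as an added example that is not part of the original page: the SAN list is written to an OpenSSL config file, and the names are read back from the CSR before it is submitted. The function names, file names, subject fields and the inclusion of the bare example.com and example.net entries are assumptions.

```shell
#!/bin/sh
# Added example: build a CSR that requests several wildcard SANs, then read
# the names back from the CSR. Subject fields and file names are placeholders.

make_san_csr() {  # $1 = output directory, remaining args = DNS names to request
  csr_dir=$1; shift
  {
    printf '[req]\nprompt = no\ndistinguished_name = dn\nreq_extensions = ext\n'
    printf '[dn]\nCN = %s\nO = Example Org\nC = US\n' "$1"   # first name doubles as CN
    printf '[ext]\nsubjectAltName = @alt\n[alt]\n'
    csr_i=0
    for csr_name in "$@"; do
      csr_i=$((csr_i + 1))
      printf 'DNS.%d = %s\n' "$csr_i" "$csr_name"
    done
  } > "$csr_dir/san.cnf"
  # The private key is generated on the server and never sent to the CA;
  # umask keeps it unreadable to other local users.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$csr_dir/san.cnf" \
      -keyout "$csr_dir/server.key" -out "$csr_dir/server.csr" 2>/dev/null )
}

csr_sans() {  # $1 = CSR file; prints one requested DNS name per line
  openssl req -in "$1" -noout -text |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -e 's/^ *DNS://' -e 's/ *$//'
}

# Demonstration with the page's example names (throwaway directory).
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" '*.example.com' example.com '*.example.net' example.net &&
  csr_sans "$demo_dir/server.csr"
```

Only server.csr is submitted to the CA; server.key stays on the server where the certificate will be installed.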

Common Configuration Steps by Server Type

Here are some common steps to configure different server types:

Apache:

  • Place certificate in /etc/apache2/ssl
  • Configure virtual host for HTTPS

Nginx:

  • Place certificate in default SSL folder
  • Configure server block for HTTPS

Microsoft IIS:

  • Import certificate to Personal certificate store
  • Bind certificate to default HTTPS website

Cloud Hosting:

  • Varies by provider – follow platform’s SSL install guide

Proper installation and configuration are important to ensure the certificate validates subdomains correctly and enables HTTPS across your entire domain. Most hosting control panels have simple one-click install processes too.

Renewing a Multi-Domain Wildcard Certificate

Like other SSL certificates, multi-domain wildcards have expiration dates that require periodic renewal. The renewal process closely follows the initial installation steps:

Check Expiration Date

Refer to the certificate details to determine when it expires. Plan to renew 30-60 days prior.

Contact the Certificate Authority

Access your CA account and initiate the renewal request through their renewal portal or contact support.

Generate a New CSR (Optional)

Some CAs may require a new CSR, though typically they can renew based on existing domain info.

Receive Renewed Certificate

The CA will verify your details and issue a new certificate with an extended validity period (usually 1-2 years).

Install the Renewed Certificate

Follow your server’s process to remove the expired certificate and replace it with the newly issued renewal.

Configure as Before

No other changes should be needed – the renewed certificate activates automatically. Test that HTTPS still works.

Rinse and Repeat at Next Expiration

Set calendar reminders for the next renewal 30-60 days before expiration. Rinse and repeat.

With proper planning and by automating renewal tracking, wildcard certificates can remain seamlessly active for many years through periodic reissues without service disruptions.
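
A way to automate the expiration check described above, added here as an example and not taken from the original page: the -checkend option of openssl x509 classifies each certificate against a renewal window (60 days by default, the upper end of the 30-60 day guidance). The function names are hypothetical and the sample certificates are self-signed ones constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify certificates against a renewal window.

renewal_status() {  # $1 = PEM certificate, $2 = renewal window in days (default 60)
  rs_cert=$1; rs_window=${2:-60}
  if ! openssl x509 -in "$rs_cert" -noout >/dev/null 2>&1; then
    echo UNREADABLE          # missing file or not a certificate
  elif ! openssl x509 -in "$rs_cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo EXPIRED
  elif ! openssl x509 -in "$rs_cert" -noout \
         -checkend $((rs_window * 86400)) >/dev/null 2>&1; then
    echo RENEW               # still valid, but inside the renewal window
  else
    echo OK
  fi
}

scan_certs() {  # $1 = window in days, remaining args = certificate files
  sc_window=$1; shift
  sc_rc=0
  for sc_cert in "$@"; do
    sc_state=$(renewal_status "$sc_cert" "$sc_window")
    sc_end=$(openssl x509 -in "$sc_cert" -noout -enddate 2>/dev/null)
    printf '%-10s %s  %s\n' "$sc_state" "${sc_end#notAfter=}" "$sc_cert"
    [ "$sc_state" = OK ] || sc_rc=1
  done
  return "$sc_rc"            # non-zero lets cron or CI raise an alert
}

make_sample_cert() {  # constructed input: self-signed cert, $1 = file, $2 = days valid
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj '/CN=*.example.com' \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/soon.pem" 45 && make_sample_cert "$demo_dir/later.pem" 300
scan_certs 60 "$demo_dir/soon.pem" "$demo_dir/later.pem" || echo "renewal needed"
```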

Where Multi-Domain Wildcards are Used

Some common use cases where multi-domain wildcard certificates are deployed:

  • Websites – For securing web properties that span multiple domain names and subdomains. For example, example.com, example.net, test.example.com.
  • Web services – For APIs, web applications, and web services that use multiple domains and subdomains.
  • Multiple brand websites – Ecommerce stores and company websites that use different domains for each brand.
  • Global websites – For international websites that use localized country-specific domain names.
  • Federated identity – For Single Sign On (SSO) and federated identity management systems that rely on multiple domains.

Comparison with Regular Wildcard SSL Certificates

Here is a comparison between regular wildcards and multi-domain wildcard certificates:

Regular Wildcard

  • Secures a single main domain and its subdomains.
  • Only supports one domain name – e.g. *.example.com.
  • Need to purchase separate certificates for additional domains.
  • Doesn’t offer cost savings for multiple domains.

Multi-Domain Wildcard

  • Secures multiple main domains and unlimited subdomains.
  • Supports multiple domains in one certificate – e.g. *.example.com and *.example.net.
  • Allows adding and removing domains flexibly.
  • Significant cost savings compared to multiple regular wildcard certificates.
  • Convenient central management for all domains.

How to Get a Multi-Domain Wildcard SSL Certificate

Here are the steps to get a multi-domain wildcard SSL certificate:

  • Determine the domain names you need to secure under the multi-domain wildcard.
  • Choose a trusted SSL certificate provider that issues multi-domain wildcard certificates.
  • Submit a certificate signing request (CSR) to the provider for the base domains.
  • The CSR must be generated from the server where the certificate will be installed.
  • Provide additional verification documents required by the provider to validate domain ownership.
  • Once approved, the multi-domain wildcard certificate will be issued.
  • Install the issued certificate on your web server applications and services.
  • Configure the web server software (like Apache or Nginx) to use the new certificate.
  • Test that all domains show the padlock icon and HTTPS protocol to confirm the certificate is working correctly.
  • Renew the certificate before expiration to maintain uninterrupted HTTPS protection.

Conclusion

A multi-domain wildcard SSL certificate provides an easy and cost-effective way to secure multiple domain names and unlimited subdomains under a single trusted SSL certificate. Compared to regular wildcard certificates that only secure a single main domain, multi-domain wildcards add significant flexibility, convenience, and cost savings for websites and organizations using multiple domains and subdomains. By allowing easy central management and SSL encryption for multiple domains, multi-domain wildcards simplify SSL security for businesses.

FAQs on Multi-Domain Wildcard SSL Certificate

What is the maximum number of domains that can be added to a multi-domain wildcard SSL certificate?

Most providers allow up to 250 domain names to be added to a single multi-domain wildcard certificate. However, the limit can vary across different certificate authorities.

Do multi-domain wildcards work on all browsers?

Yes, multi-domain wildcards work seamlessly on all modern web browsers including Chrome, Firefox, Safari, IE, and others. The wildcard functionality is natively supported.

Can I use a multi-domain wildcard for international domain names?

Yes, international country-specific domain names like example.co.uk, example.in, etc. can be added to a multi-domain wildcard certificate.

What is the validity period of a multi-domain wildcard certificate?

Multi-domain wildcards usually have a 1-year or 2-year validity period. The standard validity periods are the same as regular SSL certificates.

Can I add and remove domains from a multi-domain wildcard certificate?

Most providers allow you to freely add and remove domains from the SAN list of a multi-domain wildcard certificate. You don’t need to reissue or regenerate the certificate each time.

Are multi-domain wildcards more expensive than regular wildcard certificates?

No, multi-domain wildcards are cheaper as they allow securing multiple domains in a single certificate. You can save significantly compared to buying individual certs.