Wildcard certificate

From Wikipedia, the free encyclopedia
Jump to: navigation, search
An example of a wildcard certificate on https://plus.google.com (note the asterisk: *)
An example of an EV certificate acting as a wildcard certificate on https://www.ssl.com (note the Subject Alternative Name (SAN) field)

A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain.[1]

Depending on the number of subdomains an advantage could be that it saves money and also could be more convenient.


Only a single level of subdomain matching is supported.[2]

It is not possible to get a wildcard for an Extended Validation Certificate.[3]

A workaround could be to add every virtual host name in the Subject Alternative Name (SAN) extension,[4][5][6] the major problem being that the certificate needs to be reissued whenever a new virtual server is added.[7]

Wildcards can be added as domains in multi-domain certificates or Unified Communications Certificates (UCC).[8] In addition, wildcards themselves can have subjectAltName extensions, including other wildcards. For example: The wildcard certificate *.wikipedia.org has *.m.wikimedia.org as an Subject Alternative Name. Thus it secures https://www.wikipedia.org as well as the completely different website name https://meta.m.wikimedia.org.[9]


In the case of a wildcard certificate for *.example.com, these domains would be valid:

  • payment.example.com
  • contact.example.com
  • login-secure.example.com
  • www.example.com

Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops), these domains would not be valid for the certificate:

  • test.login.example.com

The "naked" domain is also not valid (it must be added separately as a SubjectAltName):

  • example.com
Brief information about wildcard ssl certificate.

See also[edit]



  1. ^ Wildcard SSL certificate on Verisign.com
  2. ^ Wildcard SSL certificate limitation on QuovadisGlobal.com
  3. ^ No wildcard for an Extended Validation Certificate on Entrust.net
  4. ^ x509v3_config-Subject Alternative Name
  5. ^ The subjectAltName field
  6. ^ The SAN option is available for EV SSL Certificates on Symantec.com
  7. ^ Need to be reissued whenever a new virtual server is added
  8. ^ Wildcard domains can be used within UCC on SSL.com
  9. ^ SSLTools Certificate Lookup of Wikipedia.org's wildcard ssl certificate