Wildcard SSL Certificate for Second-Level Subdomain – Is It Possible?
Securing subdomains is not always an easy task. Typically, the Wildcard SSL certificate is marketed as being able to secure ‘unlimited subdomains.’
However, this is not entirely true. It makes people think that all subdomains at different levels can be secured with a single certificate, which creates confusion and misunderstandings.
So is there a solution? Let’s find out. But before we do that, let us understand what a wildcard SSL certificate is.
What is a Wildcard SSL Certificate Second-Level Subdomain?
A wildcard SSL certificate is a digital SSL certificate that secures several subdomains that are part of a primary domain. With it, any subdomains a website has can be secured.
For example, if your domain name is www.yourwebsite.com, the certificate can secure any subdomains like blog.yourwebsite.com, store.yourwebsite.com, etc.
The asterisk (*) character is called the ‘wildcard’ character in the certificate’s Common Name (CN) field. Due to this, a subdomain of the primary domain, regardless of its name, can use the certificate.
Key Features of Wildcard SSL Certificate
Coverage for Multiple Subdomains
With a certificate, you can secure all subdomains under a primary domain with just one SSL. For example, a certificate for *.yoursitename.com can secure blog.yoursitename.com, shop.yoursitename.com, and any other subdomain you create.
Web Browser Compatibility
The certificates are compatible with all major web browsers, including Internet Explorer, Firefox, Chrome, and Safari.
Easy Installation
The certificates can be installed on the server in the same way as other SSL certificates. Once installed, the certificate will automatically apply to all subdomains.
When you create a CSR for a Wildcard SSL certificate, you use an asterisk (*) to encrypt the first-level subdomain you need to add encryption. Having said that, if you have another subdomain at the second level, you cannot use that certificate for security.
This can pose a complicated issue for companies that employ multi-level subdomains in their web architecture, especially when there are misunderstandings about Wildcard SSL certs functionality.
What is a Multi-Level Subdomain?
In simple terms, it refers to a subdomain that is two levels deep, like sub2.sub1.yourwebsite.com. A multi-level wildcard SSL can secure any subdomains at the same level (e.g., *.yourwebsite.com covers sub1.yourwebsite.com, sub2.yourwebsite.com, etc.). But, securing a second-level subdomain requires a certificate with a specific set of features.
This type of SSL certificate should include the top-level domain (yourwebsite.com) and the specific second-level subdomain (sub1.yourwebsite.com, sub2.yourwebsite.com, etc.) in the SAN (subject alternative name) field.
The answer is a Multi-Domain Wildcard SSL certificate!
What is a Multi-Domain Wildcard Certificate?
Multi-Domain Wildcard SSL certificate is the top-end SSL certificate that protects level subdomains such as sub1.sub2.yourwebsite.com, sub2.sub3.yourwebsite.com, etc. MDC wildcard SSL is also known as a multi-level wildcard certificate in the industry.
It is specially built and designed for large-scale online businesses where primary domains hold multi-level subdomains on multiple servers.
It can secure many subdomains under a fully qualified domain name, unlike a regular wildcard certificate that can only secure a single level of subdomains. This indicates that it can secure both subdomains immediately beneath the main domain and others nested in a hierarchy of levels.
For instance, if your website has the domain ‘yourwebsite.com’ and several subdomains like;
- Mail.yourwebsite.com
- Store.yourwebsite.com
- Blog.store.yourwebsite.com
- Products.store.yourwebsite.com
A multi-level wildcard SSL certificate with the common name ‘*.store.yourwebsite.com’ can secure all these subdomains.
Key Features of Multi-Domain Wildcard Certificate
Multiple Validation Levels
Multi-Level Wildcard SSL certificates can be issued at various validation levels, including Domain Validation (DV) and Organization Validation (OV), depending on the level of trust and security you require.
Web Browser Compatibility
The certificates are compatible with all major web browsers, mobile devices, control panels, and email servers, which means that visitors to your website will not receive any security warnings or errors.
Unlimited Server Licenses
The certificate includes unlimited server licensing, allowing website owners to install the same certificate on multiple servers without paying extra charges.
Add Up to 250 Websites or Subdomains
MDC wildcard can allow the certificate owners to add up to 250 websites, subdomains, and other SAN options. You can edit, update, or remove any SAN on multiple servers.
How to Secure Second Level Subdomain Using Wildcard SSL?
A multi-level wildcard SSL is designed to help organizations with complex website structures that use multi-level subdomains.
For instance, you can use it to secure multiple websites and their first-level subdomains and several sets of second-level ones with a single certificate. Let us show you your website so you can better understand it.
Consider the following Certificate Signing Request (CSR):
- FQDN: yourwebsite.com
- Wildcard SAN: *.yourwebsite.com
- Wildcard SAN: *.mail.yourwebsite.com
- Wildcard SAN: *.members.yourwebsite.com
- Wildcard SAN: *.dev.yourwebsite.com
- Wildcard SAN: *.yourwebsite2.com
- Wildcard SAN: *.ftp.yourwebsite2.com
- Wildcard SAN: *.shop.yourwebsite2.com
With this CSR, you can secure two websites, all their first-level subdomains, and five second-level subdomains using a single Multi-Domain Wildcard SSL certificate.
Note: The certificate will not cover two subdomain levels of mail.yourwebsite.com. To cover two levels, a separate Wildcard SSL certificate would be required. However, this Wildcard SSL certificate would cover any new directories added under mail.yourwebsite.com.
A Certificate Authority issues a multi-domain certificate based on the domain names listed in the SAN field of the certificate. The placeholder, represented by an asterisk, can only replace one field in the domain name submitted to the Certificate Authority (CA). Including too many variables in the certificate would decrease its security and reliability.
Moreover, it can put a risk to your internal security. For instance, if someone with access to the private key and certificate sets up a subdomain website that the SSL covers, it could compromise the internal security of the organization.
Ending Words
A Multi-Domain Wildcard SSL certificate is a versatile solution for those who need to secure multiple domains and subdomains at multiple levels within a single domain.
With this ability to secure unlimited subdomains, both at the first and subsequent levels, Multi-Domain Wildcard SSL certificates provide strong encryption and trust for website visitors while simplifying SSL management for website owners.
It perfectly balances security, flexibility, and convenience for organizations with multiple domains.