Does a Wildcard SSL Certificate Cover the Root Domain?

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (9 votes, average: 5.00)
Loading...

“Does a wildcard certificate work for the root domain?” Yes, all types of wildcard certificates have the capability (just in different ways). Learn how to use a wildcard SSL certificate to cover your primary domain and virtually unlimited first-level subdomains.

A Standard Wildcard Certificate Secures the Root Domain

A wildcard SSL certificate secures a single root domain along with virtually all of its first-level subdomains. You’ll use an asterisk (*) as a placeholder in the SSL certificate’s Common Name (CN) field to do this. For instance, a wildcard SSL certificate for *.example.com will allow you to secure www.example.com, mail.example.com, login.example.com, support.example.com, and so on.

However, it’s important to clarify that a standard wildcard SSL certificate typically does not cover second-level subdomains (like dev.mail.example.com or myaccount.login.example.com) unless specifically configured to do so. Rather, it’s typically used to secure first-level subdomains.

Because a standard wildcard certificate can only secure virtually unlimited subdomains on a single level, it can’t be used to secure first-level and second-level subdomains concurrently. (You’d need a separate certificate for second-level subdomains.)

Wildcard SSL Certificate

Secure Your Domain & First-Level Subdomains with Comodo Wildcard SSL

Don’t hassle with multiple certificates when one can cover all your needs, including future subdomains you may add. Invest in a secure, scalable solution starting at an unbeatable price of $156.02/year.
GET A WILDCARD CERTIFICATE

So, what do you do if you want to secure multiple levels of subdomains simultaneously? We’ll discuss that more later in this article.

Does a Standard Wildcard Certificate Cover Unlimited Root Domains?

No. Again, a basic wildcard SSL certificate is restricted to one root domain and its direct subdomains. Therefore, if you secure *.example.com, the certificate’s coverage does not extend to any other root domains like example2.com or example.org. They’re separate properties that must be handled accordingly using separate certificates.

So, How Do I Secure My Multiple Root Domains with a Single Certificate?

You can do this using one of two types of multi-domain or Subject Alternative Name (SAN) SSL certificates. Each certificate allows you to secure multiple root domains and their subdomains in different ways:

  • Multi-Domain SSL Certificate: This certificate type allows you to secure your main domain (listed as the Common Name), multiple alternative domains, and specified subdomains using separate Subject Alternative Names (SANs).  
  • Multi-Domain Wildcard SSL Certificate: This certificate allows you to secure your main domain, separate SAN domains, and virtually unlimited multi-level subdomains under one certificate. How? By listing the primary domain, additional SAN domains, and wildcard subdomains as separate SAN entries on the certificate. NOTE: The wildcard domain can’t be the Common Name (CN) when using a multi-domain wildcard certificate.

Let’s break down the capabilities and features of a standard wildcard SSL certificate and contrast them with multi-domain and multi-domain wildcard SSL certificates:

Standard Wildcard SSL FeaturesMulti-Domain/SAN SSL FeaturesMulti-Domain Wildcard SSL Features
Root Domain SecuritySecures the wildcard domain (*.example.com) as the CN, the primary domain must be specified fully qualified domain name (FQDN) as a SAN.Secures the primary FQDN root domain and can extend protection to multiple alternative root domains using additional SANs.Enables you to secure your FQDN primary root (as the CN) and additional alternative root domains using separate SANs.
Subdomain SecurityOffers virtually unlimited subdomain coverage for one main domain at the first level.Optional coverage of subdomains specified on the certificate as SANs. (Wildcard domains are not supported.)Offers virtually unlimited coverage of wildcard subdomains on individual levels using separate SANs (*.sub1.example.com, *.sub2.example.com).
ValidationAvailable in domain validation.Available in domain validation (DV), organization validation (OV), and extended validation (EV).Available in domain validation (DV) and organization validation (OV)
Management EfficiencySimplifies SSL certificate management by eliminating the need for separate subdomain certificates.Provides a single management point for all covered domains and their specified subdomains.Simplifies certificate lifecycle management for all covered domains and their subdomains.
ScalabilitySuitable for businesses with a single domain that may develop an extensive network of subdomains.Scales with organizational growth, enabling you to cover many SAN domains and specified subdomains.Scales with organizational growth, accommodating many SAN domains and virtually unlimited subdomains.
Adaptability for growthIdeal for growing small businesses within a single domain structure.Ideal for mid-size organizations that need to secure multiple specified root domains and subdomains but need a higher level of validation.Ideal for larger-scale environments, as it enables you to secure multiple specified root domains and subdomains.
PricingPrices start as low as $69.78/year Shop Wildcard CertificatesPrices start as low as $18.81/year Shop Multi-Domain CertificatesPrices start as low as $156.02/year Shop Multi-Domain Wildcard Certificates

How to Secure Multi-Level Subdomains on Multiple SAN Domains?

Before you ask, no, you can’t include more than one star in the domain(s) you want to cover, and the star has to be placed on the front end (not in the middle) to signify the subdomain level you want to secure. The format is wrong. For example, you cannot use any type of wildcard certificate to secure a domain a second-level subdomain like sub.*.example.com or *.*.example2.com. The correct format specifies the first-level subdomain so that a second-level subdomain or second-level wildcard subdomain can be used.

However, a multi-domain wildcard SSL certificate can be configured to secure the following example subdomains using separate SANs for each:

 Example Wildcard Domain SANSecures First-Level SubdomainsSecures Second-Level Subdomains
1.*.example.comSecures subdomains like blog.example.com and shop.example.comN/A
2.*.blog.example.comN/ASecures subdomains like news.blog.example.com or subscribe.blog.example.com
3.*.example2.comSecures subdomains like www.example2.com, mail.example2.com, and files.example2.com.N/A
4.*.files.example2.comN/ASecures subdomains like secure.files.example2.com and login.files.example2.com
5.*.example.orgSecures subdomains like forum.example.org, members.example.org, etc.N/A
6.*.forum.example.orgN/ASecures subdomains like member.forum.example.org or login.forum.example.org.

This configuration exemplifies the scalability of multi-domain wildcard certificates to accommodate various subdomain structures under multiple root domains using additional SANs.

does wildcard ssl cover root domain

Image caption: An illustration of the hierarchical structure of SSL coverage, from the root domain down to the first and second-level subdomains, all secured under HTTPS.

This singular certificate approach not only simplifies management but also scales to protect various levels of subdomains for each root domain. This ensures thorough scalable coverage as an organization’s digital footprint grows.

Wildcard SSL Certificate

Get a Positive Multi-Domain Wildcard SSL Starting at $156.02/Year

Don’t manage separate certificates for each domain! Extend robust protection to up to 1,000 domains and their subdomains, ensuring all are secure under one certificate.
SECURE YOUR DOMAINS NOW

Wrapping Up on Root Domain Coverage in Wildcard SSLs

Understanding the differences between wildcard and multi-domain wildcard SSL certificates is fundamental for aligning your root domain with your website’s overall security posture. To summarize:

  • Wildcard SSL certificates are configured to secure one root domain and first-level subdomains, offering a straightforward approach to single-domain protection.
  • Multi-domain wildcard SSL certificates are ideal for organizations managing multiple root domains and their respective subdomains on various levels. They can specify the domains and wildcard subdomains using separate SANs. They simplify security administration and certificate management across broader domain environments, giving more bang for your buck.

Multi-domain SSL certificates serve as a third option for securing multiple domains and subdomains while providing a higher level of validation. This allows you to simplify the security management of specific domains and subdomains using a single certificate using SANs. However, it doesn’t provide the wildcard functionality you’d get with a multi-domain wildcard SSL certificate.

Thus, selecting the right SSL certificate involves thoroughly assessing your domain structure to ensure a tailored security solution.

Wildcard SSL Certificate

Choosing the Right Wildcard SSL Certificate Doesn’t Have to Be Complicated

Compare and find the best certificate for your website security needs. Explore your options with prices starting at just $69.78/year for a basic wildcard certificate.
COMPARE WILDCARD CERTIFICATES