Pros and Cons of Wildcard SSL Certificates

Here’s an honest accounting of the advantages and disadvantages of Wildcard SSL

A Wildcard SSL Certificate is among the most versatile certificate types available. With one certificate, you can encrypt a website and all of its sub-domains.

Simple, right? But what are the pros and cons of using a Wildcard SSL certificate? Let’s look.

Advantage: Secure unlimited sub-domains

Lots of websites have sub-domains. It’s a standard part of web architecture. What you use your sub-domains for is up to you, but regardless, they need to be secure. Before Wildcard SSL certificates were created, securing a website with sub-domains was a lot more difficult. Not anymore. With one wildcard certificate you can secure:

• Domain.com
• Mail.domain.com
• Members.domain.com
• Dev.domain.com

And any other sub-domains you may have. Just use an asterisk at the sub-domain level you want to encrypt when filling out your Certificate Signing Request. Easy!

Advantage: Wildcards are cheaper than the alternative

Before Wildcards, you would need to purchase an individual SSL certificate for every sub-domain. That’s expensive! A Wildcard SSL certificate can secure unlimited sub-domains at one set cost. A cost that’s much cheaper than the alternative.

Advantage: Easier Certificate Management

Much like Wildcards are cheaper than securing each sub-domain individually, it’s also a much easier way to secure your web footprint from a technical and administrative standpoint. After all, you’re not managing multiple certificates, handling multiple installations and renewal dates and constantly adding more as you grow. No, you’re managing one certificate. Simple!

Advantage: Wildcards Scale Better

Wildcard SSL Certificates grow with you. If, during the lifespan of your wildcard SSL certificate, you add another sub-domain to your website your wildcard certificate will automatically cover it. You don’t even need to re-issue your Wildcard certificate for it to cover the new sub-domain. Wildcards are future-proof.

Are there any disadvantages to Wildcards?

Sure, but they’re a lot less pronounced than the advantages that come with a Wildcard certificates. Generally, the drawbacks to a wildcard are:

• It only covers one sub-domain level. If you are attempting to secure sub-domains at different levels, you will need a Wildcard for each sub-domain level you’re securing.
• If you have multiple parties managing your different subdomains, this may necessitate sharing the private key across your organization and/or vendors, which could increase risk of an unauthorized party accessing your private key
• It is worth noting that if you only use one certificate and private key on multiple servers, one compromise will require reissuing the certificate on all servers.
• Some older mobile device operating systems, including Windows Mobile 5, do not recognize the wildcard character (*).

For most websites, the pros of wildcard certificates far outweigh the cons.