A Look at Single-Domain and Multi-Domain Wildcard SSL Certificates (with Examples) 

It’s amazing how something so simple as adding an asterisk (*) to your domain can secure your subdomains. Explore these wildcard certificate examples to see what best fits your needs.

A wildcard SSL certificate is a powerful tool that encrypts your primary website and virtually unlimited subdomains. Depending on the type of wildcard certificate you get, it can secure some or virtually all of your organization’s online presence, making it an invaluable asset for businesses with numerous subdomains.

Types of Wildcard SSL Certificates

This article will explore two wildcard certificate examples to illustrate how they cater to different business uses and applications:

• Single-domain wildcard SSL certificates: Each certificate is used to secure a domain and its first-level subdomains (*.mydomain.com).
• Multi-domain wildcard SSL certificates: One of these certificates offers broad coverage for multiple domains (e.g., mydomain.com and mydomain1.com) and wildcard subdomains (*.sub.mydomain.com, *.sub.mydomain1.com, etc.). These certificates are ideal for complex web infrastructures.

Do you have a wildcard certificate and want to know how to put it to use? Check out our related resource: “How to Use a Wildcard SSL Certificate.”

Breaking Down the Wildcard SSL Certificate Categories With Examples

Whether you’re operating an e-commerce platform, a customer service portal, or an internal communication system, understanding the right wildcard SSL certificate for your setup is not just important; it’s practical. 

You have two main categories of wildcard SSL certificates to choose from that are divided by what they cover:

1. Single-Domain Wildcard SSL Certificates

A single-domain wildcard SSL certificate secures your primary domain along with a single level of virtually unlimited subdomains. What we mean by this is that you can use a basic wildcard SSL certificate to cover first-level subdomains, second-level subdomains, or third-level subdomains.

However, you can’t use a single certificate to secure multiple levels of subdomains simultaneously. It just won’t work because that’s not what it’s designed to do. You’d have to use multiple certificates, one to secure each level.

For example, to secure first-level subdomains, use the asterisk symbol (*) before your main domain (*.mydomain.com) in the Common Name (CN) field of the basic wildcard certificate. This ensures that the certificate applies to any subdomain that fits the pattern, for example, first-level subdomains like products.mydomain.com, blog.mydomain.com, and support.mydomain.com.

The primary domain (e.g., mydomain.com) is also set as a Subject Alternative Name (SAN) field on the certificate as well, as shown below:

A Single-Domain Wildcard SSL Certificate Example

Image caption: An example of two wildcard SSL certificates in action, identifiable by the asterisk (*) at the start of each wildcard domain common name: *.wordPress.com, *.semrush.com, etc. This approach ensures security for both sites’ first-level subdomains.

Scenario: Your primary domain, mydomain.com, hosts several services, each on its own first-level subdomain that you wish to secure.

Common Name (CN) field: You set it to *.mydomain.com

Examples of covered first-level subdomains:

• customer.mydomain.com for customer service portal
• payment.mydomain.com for handling transactions
• forum.mydomain.com for community discussions
• developer.mydomain.com for developers
• secure.mydomain.com for sensitive information exchange

Enable Effortless Subdomain Security with a Basic Wildcard SSL Certificate

Using a wildcard SSL certificate, represented by *.mydomain.com, automatically encrypts all first-level subdomains of mydomain.com. 

This approach reduces the complexity for the domain owner, enabling them to secure virtually unlimited subdomains under a single certificate. This ensures simpler and more cost-effective certificate lifecycle management.

What If You Want to Secure Multiple Levels of Subdomains?

Sure, you could use a single-domain wildcard SSL certificate to secure your domain + first-level subdomains. But to secure your second-level subdomains, you’d either have to:

• Buy a separate wildcard SSL certificate for each separate level of subdomains, or
• Purchase a multi-domain wildcard SSL certificate (which we’ll speak about momentarily) that will cover multiple domains and multiple levels of subdomains (by setting the appropriate SANs).

Basically, each subdomain level requires its own basic wildcard certificate or a multi-domain certificate to cover all of them using SANs.

2. Multi-Domain Wildcard SSL Certificates

Multi-domain wildcard SSL certificates are more complex and comprehensive than their basic wildcard SSL counterparts. These certificates are well-suited for securing multiple domains and their subdomains (across multiple levels) with a single certificate. They can secure up to 250 domains (using SANs) and unlimited subdomains, offering a cost-effective and efficient solution for managing a broad web presence.

NOTE: The CN must be a fully qualified domain name (FQDN) for multi-domain wildcard certificates. The CN can’t be a wildcard domain. So, for example, you’d set the CN as mydomain.com instead of *.mydomain.com. Here’s an example of how that looks that we captured from Amazon.com:

A multi-domain wildcard certificate is a clear example of a solution that’s beneficial for organizations that manage multiple domains with numerous subdomains under each. But did you know that multi-domain wildcard SSL certificates also go by a couple of other names?

Multi-Domain Wildcard Certificates vs SAN/UCC Wildcard Certificates

Let’s be frank: the naming conventions for SSL/TLS certificates can be a bit confusing. This is especially true for certificates that cover wildcard domains in some capacity. For example, there are multi-domain wildcard certificates, UCC wildcard certificates, and SAN wildcard certificates. But what are the differences between them?

When you see certificates labeled as “SAN wildcards,” “multi-domain wildcards” or “UCC wildcards,” they’re essentially the same because they allow multiple domain names and wildcard subdomains to be secured using a single SSL certificate.

Once upon a time, UCC (Unified Communications Certificate) wildcard SSL certificates were specifically for businesses that used unified communications platforms (i.e., Microsoft Exchange or Office Communications server). Nowadays, however, UCC wildcard certificates can be deployed in most server environments. This is why, for all intents and purposes, they’re essentially just another name for multi-domain (SAN) wildcard certificates.

Multi-Domain Wildcard SSL Certificate Examples

Scenario: You manage several domains (mydomain.com, mydomain1.com, and mydomain2.net), each hosting various services, and want to secure those domains along with their first- and second-level subdomains.

Common name (CN) field: You set it to mydomain.com

Examples of separate SANs to cover alt domains and first- and second-level subdomains:

• mydomain.com,
• *.mydomain.com,
• *.sub.mydomain.com,
• mydomain1.com,
• *.mydomain1.com,
• *.sub.mydomain1.com,
• mydomain2.net,
• *.mydomain2.net,
• *.sub.mydomain2.net

Here’s a multi-domain wildcard certificate example of the SAN field values listed for Amazon.com:

Examples of What Would Be Covered By This Certificate:

• MyDomain.com: The above SAN specifics approach would cover
  • Your primary domain (mydomain.com)
  • First-level subdomains like account.mydomain.com and docs.mydomain.com, and
  • Second-level subdomains like eu.account.mydomain.com, and wiki.docs.mydomain.com.
• Mydomain1.com: The above SAN specifics approach would cover
  • Your primary domain (mydomain1.com)
  • First-level subdomains like support.mydomain1.com and
  • Second-level subdomains like ticket.support.mydomain1.com
• MyDomain2.net: The SANs approach would cover
  • Your primary domain(mydomain2.net)
  • First-level subdomains like store.mydomain2.net and
  • Second-level subdomains like mycart.store.mydomain2.net

The above configuration offers extensive security coverage for a range of domains and their associated subdomains at both the first and second levels. As such, this certificate is an ideal choice for businesses that operate multiple service platforms across various domain names.

Difference Between Single- and Multi-Domain Wildcard SSL Certificates

Feature	Single-Domain Wildcard SSL	Multi-Domain/SAN/UCC Wildcard SSL
What It Covers	Secures your primary domain and unlimited subdomains using a single certificate.	Secures your main domain (using the CN and a SAN) and multiple domains (using SANs) with virtually unlimited subdomains under one certificate.
Validation Levels	Offers domain validation (DV) and organization validation (OV). EV SSL certificates are not available for wildcard subdomains.	Provides DV and OV options. Extended validation (EV) isn’t available due to the nature of wildcard coverage.
Ideal Organizations	Businesses that require a streamlined approach to secure many single-level subdomains for a single domain.	Organizations that want to streamline the management of certificates for multiple domains and numerous subdomains.

Wrapping Up the Wildcard SSL Certificate Examples

As we conclude our exploration of wildcard SSL certificate examples, it’s clear that these versatile digital security tools are essential for businesses seeking streamlined protection. With the capability to secure an entire suite of subdomains under one umbrella file, a multi-domain wildcard certificate offers a pragmatic and efficient approach to safeguarding your online presence.  

For those managing complex web infrastructures or unified communications systems, Comodo’s basic and multi-domain wildcard SSL certificates provide a range of strategic solutions. Want to enable domain and multi-level subdomain coverage under one certificate? Look no further and check out Comodo SSL’s wide selection of wildcard SSL certificates.