The most versatile SSL/TLS certificate available today is the multi-domain wildcard, or what’s known as a wildcard SAN certificate. Not only does it give you the flexibility to encrypt multiple domains — up to a total of 2,000 domains per certificate — but it can also secure any associated first-level sub-domains.
Alternatively, you can use a multi-domain wildcard as a multi-level wildcard — meaning that you can secure sub-domains on multiple levels of the URL. This can be especially useful in large enterprise environments.
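The matching rule behind the single-level and multi-level uses described above, as an added example that is not part of the original article: a wildcard SAN stands for exactly one label in the left-most position, so the base name, each deeper sub-domain level and each extra domain need their own SAN entry. The host names, SAN lists and function names are constructed for illustration.

```python
"""Check which host names a list of certificate SAN entries covers.

Matching rule assumed here (RFC 6125 style, as browsers apply it): "*" is
honoured only as the entire left-most label and stands for exactly one label.
"""


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.strip().lower().rstrip(".").split(".")


def san_matches(san, host):
    """Return True if a single SAN entry covers the host name."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h) or "" in h:
        return False              # "*" never spans zero or several labels
    if s[0] == "*":
        return s[1:] == h[1:]     # wildcard replaces the left-most label only
    return s == h                 # non-wildcard entries must match exactly


def uncovered(sans, hosts):
    """Return the hosts that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample inventory of hosts to be served over TLS.
HOSTS = [
    "example.com", "www.example.com", "mail.example.com",
    "api.dev.example.com", "shop.example.org",
]

# A standard wildcard certificate: one wildcard name.
STANDARD_WILDCARD = ["*.example.com"]

# A multi-domain wildcard: base names plus wildcard SANs, one per level/domain.
WILDCARD_SAN = [
    "example.com", "*.example.com", "*.dev.example.com", "*.example.org",
]

if __name__ == "__main__":
    print("standard wildcard misses:", uncovered(STANDARD_WILDCARD, HOSTS))
    print("wildcard SAN misses:    ", uncovered(WILDCARD_SAN, HOSTS))
```

Running the same check against your own host inventory before filling out the CSR shows which SAN entries the order needs.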
But aside from the obvious benefits, the wildcard SAN certificate also solves a couple of problems that are specific to standard wildcard certificates. Because the name on your certificate must exactly match the host name a user is connecting with:
Additionally, the following servers don’t support wildcard characters (the asterisk).
Now, unfortunately, the way to order a multi-domain wildcard certificate varies by the certificate authority (CA). Heck, some don’t support the product at all. Others, like Sectigo and DigiCert, require the customer to take different steps.
With Comodo CA (powered by Sectigo), ordering and getting a multi-domain wildcard issued is fairly straightforward: You fill out a standard CSR using wildcard SANs where needed and Sectigo issues the certificate following validation.
With DigiCert, on the other hand, you must request a duplicate certificate with the SANs listed specifically 10 at a time. While the limit per duplicate is 10, there is no limit to the number of duplicates you can have issued. Here’s how to do it:
Now, all that’s left is downloading the certificate and installing it on your server!
Much like standard wildcard certificates, multi-domain wildcard SAN certs are only available in two validation levels: domain (DV) and organization (OV). The Certificate Authority/Browser Forum (CA/B Forum) is very strict about EV issuance, and the wildcard character can be used too broadly to be entrusted with EV treatment. So, they prohibit the issuance of EV wildcard certificates altogether.
So, while the multi-domain wildcard is the most versatile certificate in the industry, if you want the green EV bar, you’re going to need to purchase something else.