How to Secure Multi-Level Subdomains With Wildcard Certificates?

SSL certificates can secure websites of any size and complexity. Since HTTPS became a requirement, more users have learned how to install and manage SSL certs on different platforms. However, less tech-savvy users face serious challenges when multi-level subdomains come into the equation.

Unlike regular websites that use a single SSL certificate, multi-level subdomains can be encrypted with different types of certs. The million-dollar questions are: how many SSL certificates do you need to secure multi-level subdomains, and is a wildcard certificate enough for multiple levels of subdomains? In this article, we’ll give you the answer and take a deeper look at subdomain security.


Table of Contents

  1. Wildcard SSL Certificates – A Quick Overview
  2. Wildcard Certificates for Second-Level Subdomains
  3. Encrypt Multi-Level Subdomains With Multi-Domain Wildcard SSL Certs

Wildcard SSL Certificates – A Quick Overview

We’ve already covered Wildcard SSL extensively in our blog and FAQ sections. But for this post, let’s recap its features and limitations. 

A regular SSL certificate protects a single domain name, or Fully Qualified Domain Name (FQDN). The name in the certificate and the name of the site must match for the certificate to be valid. With the wildcard option, you can secure unlimited first-level subdomains along with the main domain, all under a single SSL installation.

When you order an SSL certificate, your first step is to generate a CSR (Certificate Signing Request). For a Wildcard cert, you need to add the asterisk (*) symbol before the domain name you want to secure, for example, *.yourdomain.com. You can then encrypt any subdomains you need along with the main domain without an extra certificate.

A single wildcard certificate encrypts unlimited subdomains on the same level. For instance, a wildcard certificate for *.yourdomain.com will encrypt:

  • blog.yourdomain.com
  • news.yourdomain.com
  • mail.yourdomain.com

But what happens when you need to secure two-level or multi-level subdomains? Do you need several Wildcard SSL certificates?


Wildcard Certificates for Second-Level Subdomains

In the Domain Name System (DNS) hierarchy, a second-level subdomain is a subdomain that is directly below the first subdomain. Seems confusing? Here’s how it would look in the URL:

secondlevel.firstlevel.yourdomain.com

To create a CSR for a wildcard certificate that covers second-level subdomains, you need to know which subdomain you wish to divide further. For instance, if you were using a first-level wildcard with the FQDN *.yourdomain.com, the wildcard would be a placeholder for blog.yourdomain.com, news.yourdomain.com, and mail.yourdomain.com. The list of first-level subdomains can include anything you choose, and you don’t need multiple certificates to secure them.

Now, to create a subdivision within blog.yourdomain.com, you would generate a CSR with the format *.blog.yourdomain.com in place of the FQDN. Here the asterisk substitutes for all the potential second-level subdomains of the “blog” subdomain.

But what happens when you want to add a second-level subdomain to one of your other subdomains like news.yourdomain.com? You would need another wildcard certificate.

Unfortunately, it’s not possible to encrypt both the subdomains of blog.yourdomain.com and news.yourdomain.com with a single Wildcard SSL certificate. Certificate Authorities only issue an SSL certificate with a single asterisk (*). You simply can’t generate a CSR that looks like *.*.yourdomain.com to try to cover more than one second-level subdomain group. The asterisk only applies to one field in the name submitted to the CA.

Ultimately, it’s all about security as the CAs have to verify every SSL application. Too many variables in the certificate like multi-level subdomains would strain CAs’ resources. Nonetheless, there’s an excellent solution for multi-level subdomains – Multi-Domain Wildcard SSL certificates.


Encrypt Multi-Level Subdomains With Multi-Domain Wildcard SSL Certs

A Multi-Domain Wildcard SSL certificate is the most convenient and cost-efficient solution when you need to secure multiple websites and/or multi-level subdomains. It secures multiple domains and allows encrypting multiple levels of subdomains with one certificate. Like the wildcard certificate, thanks to an unlimited server license, it can work whether the websites are on the same, separate, or multiple servers. 

Suppose you have to secure the following 8 subdomains:

  • yourdomain.com
  • blog.yourdomain.com
  • news.yourdomain.com
  • dev.yourdomain.com
  • dev.blog.yourdomain.com
  • dev.news.yourdomain.com
  • abc.news.yourdomain.com
  • xyz.news.yourdomain.com

If you used standard single-domain SSL certificates, you’d need 8 separate SSL certificates. That’s a lot of hassle and money, so a single-domain certificate is not suitable for the task.

With a Wildcard SSL certificate, you can narrow down the number of required certs to just 4:

  • *.yourdomain.com
  • *.blog.yourdomain.com
  • *.news.yourdomain.com
  • *.dev.yourdomain.com

That’s a lot of savings, but still a costly option with time spent on installation and renewal.

A multi-domain Wildcard SSL certificate comes with 3 SANs (Subject Alternative Names) by default and up to 250 SANs for an additional fee. In our case, you’d need to buy just one multi-domain wildcard certificate and add just one SAN. Thus, all four of your sites will be encrypted under one multi-level wildcard cert.
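
The matching rule behind these numbers, as an added example that is not part of the original article: the asterisk is accepted only as the whole leftmost label and stands for exactly one label. The function names are hypothetical, and listing the bare domain yourdomain.com as its own certificate name is an assumption, because the pattern *.yourdomain.com alone does not match it under this rule.

```python
# Added example (not from the article): check which hostnames a set of
# certificate names covers. Assumed rule: "*" is allowed only as the entire
# leftmost label and stands for exactly one label.

def valid_name(name: str) -> bool:
    """Reject empty labels and any '*' that is not the whole leftmost label."""
    labels = name.lower().split(".")
    if len(labels) < 2 or any(label == "" for label in labels):
        return False
    if any("*" in label for label in labels[1:]):
        return False                      # e.g. *.*.yourdomain.com
    return "*" not in labels[0] or labels[0] == "*"

def matches(name: str, hostname: str) -> bool:
    """True if the certificate name covers the hostname."""
    if not valid_name(name):
        return False
    pat = name.lower().split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pat) != len(host) or "" in host:
        return False                      # '*' never spans zero or several labels
    if pat[0] == "*":
        return pat[1:] == host[1:]
    return pat == host

def uncovered(names, hostnames):
    """Hostnames that none of the certificate names cover."""
    return [h for h in hostnames if not any(matches(n, h) for n in names)]

# The article's eight placeholder hostnames.
HOSTS = [
    "yourdomain.com", "blog.yourdomain.com", "news.yourdomain.com",
    "dev.yourdomain.com", "dev.blog.yourdomain.com", "dev.news.yourdomain.com",
    "abc.news.yourdomain.com", "xyz.news.yourdomain.com",
]
# One wildcard certificate; the bare domain is its own entry (assumption).
SINGLE_WILDCARD = ["yourdomain.com", "*.yourdomain.com"]
# One multi-domain wildcard certificate carrying the article's four wildcards.
MULTI_DOMAIN_WILDCARD = SINGLE_WILDCARD + [
    "*.blog.yourdomain.com", "*.news.yourdomain.com", "*.dev.yourdomain.com",
]

if __name__ == "__main__":
    print("single wildcard misses:", uncovered(SINGLE_WILDCARD, HOSTS))
    print("multi-domain wildcard misses:", uncovered(MULTI_DOMAIN_WILDCARD, HOSTS))
    print("*.*.yourdomain.com accepted:", valid_name("*.*.yourdomain.com"))
```

Running the same check against the SAN list of an issued certificate before deployment shows which hostnames would fail name validation.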


Conclusion

You can’t encrypt second-level subdomains without a separate Wildcard SSL certificate for each first-level subdomain. If you have multiple levels of subdomains, a multi-domain wildcard SSL certificate is your best option! Instead of buying more than one wildcard SSL certificate for second-level subdomains, you will save precious time and money with just one multi-domain wildcard cert during both the first installation and renewals. Multi-level wildcard options are becoming increasingly popular as the Internet evolves and the need to secure multiple domains and subdomains grows.
