Difference between wild card SSL [duplicate]
I have deployed SSL certificates on various websites; however, this wildcard SSL certificate is totally new to me. My question is: if I buy an SSL certificate for *.example-private.com, will it work for *.staging.example-private.com, or do I have to buy a different wildcard SSL certificate for the staging site? I am going to implement this on new sites.
A wildcard covers only one level. So *.example.com will cover foo.example.com, bar.example.com, and staging.example.com but not foo.staging.example.com or example.com.
However you can have multiple names (including wildcards) on the same certificate, so in principle a single certificate could be issued covering all the above names.
I know that CAs will happily issue certificates covering both example.com and *.example.com; I'm not sure what typical policies are on issuing certificates with more names.
Also I would question whether this is really what you want. Do you really want to put your production secrets on your staging server?
A wildcard only matches one domain level, so *.staging.example.com would not be matched and you need another cert for subdomains of it.
https://en.wikipedia.org/wiki/Wildcard_certificate
As mentioned by Peter and Sven, a wildcard will only support one wildcard level in the domain name. This said, you have many possible ways to implement a naming scheme.
You can easily set up the servers in your production environment ( work.example.com ) and use the same certificate for your staging ( stagingwork.example.com ) and development ( devwork.example.com ) servers (those are separate from your production servers, correct? :) ). One certificate, many hosts and domain names.
A wildcard SSL certificate can secure only first-level sub-domains of the common name (CN), so when the certificate is issued for *.example-private.com it can secure the root domain and all its first-level sub-domains, as below.
staging.example-private.com
mail.example-private.com
anything.example-private.com
To secure second level sub-domains as *.staging.example-private.com, you have two options.
1. Purchase another wildcard certificate:
Your administrator needs to purchase a different certificate for each one and manage all certificate configuration, renewal, expiry, and installation.
2. Purchase a multi-domain wildcard certificate:
This product allows you to secure up to 100 websites and their unlimited sub-domains with a single certificate. You need to set *.example-private.com as your primary domain name and add other domain names in the SAN field.
For example:
*.example-private.com
*.staging.example-private.com
*.anysub.example-private.com
*.anydomain.tld
For more information about how a multi-domain wildcard certificate works, you can refer to this link - https://www.ssl2buy.com/comodo-multi-domain-wildcard-ssl.php
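
The one-label wildcard rule discussed in this thread, as an added example that is not part of any answer on this page: a simplified matcher for SAN dNSName entries, run against a single-wildcard certificate and a multi-SAN one. It assumes the wildcard is a whole left-most label (partial-label wildcards are rejected) and ignores IDNs and IP addresses; all function names and the sample SAN lists are constructed for illustration.

```python
def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so the label counts must be equal.
    # This is why *.example-private.com covers neither the apex nor a.b.example-private.com.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Only the left-most label may be a wildcard; the remaining labels match exactly.
        return "*" not in "".join(p[1:]) and bool(h[0]) and p[1:] == h[1:]
    # No whole-label wildcard: require an exact match and reject patterns like f*o.
    return "*" not in "".join(p) and p == h


def cert_covers(sans: list[str], hostname: str) -> bool:
    """Return True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def report(sans: list[str], hosts: list[str]) -> dict[str, bool]:
    return {h: cert_covers(sans, h) for h in hosts}


# Constructed SAN lists: one wildcard only, and one certificate carrying several names.
SINGLE_WILDCARD = ["*.example-private.com"]
MULTI_SAN = [
    "example-private.com",
    "*.example-private.com",
    "*.staging.example-private.com",
]
# Constructed hostnames to check against both certificates.
HOSTS = [
    "example-private.com",
    "staging.example-private.com",
    "foo.staging.example-private.com",
]

if __name__ == "__main__":
    for label, sans in (("single wildcard", SINGLE_WILDCARD), ("multi-SAN", MULTI_SAN)):
        for host, ok in report(sans, HOSTS).items():
            print(f"{label:16} {host:34} {'covered' if ok else 'NOT covered'}")
```

Running the same check over the SAN list of a certificate before deployment shows which planned hostnames would fail validation in clients.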