Difference between wild card SSL [duplicate]

ssl ssl-certificate wildcard wildcard-subdomain

I have deployed SSL certificates on various websites however this wildcard SSL certificate is totally new to me. I have question that If I am buying a SSL certificate *.example-private.com, Will it work for *.staging.example-private.com Or Do I have to buy a different wild card SSL for staging site. I am going to implement this on new sites.


A wildcard covers only one level. So *.example.com will cover foo.example.com, bar.example.com, and staging.example.com but not foo.staging.example.com or example.com.

However you can have multiple names (including wildcards) on the same certificate, so in principle a single certificate could be issued covering all the above names.

I know that CAs will happilly issue certificates covering both example.com and *.example.com, I'm not sure what typical policies are on issuing certificates with more names.

Also I would question whether this is really what you want. Do you really want to put your production secrets on your staging server?


A wildcard only matches one domain level, so *.staging.example.com would not be matched and you need another cert for subdomains of it.

https://en.wikipedia.org/wiki/Wildcard_certificate


As mentioned by Peter and Sven, a wildcard will only support one wildcard level in the domain name. This said, you have many possible ways to implement a naming scheme.

You can easily set up the servers in your production environment ( work.example.com ) and use the same certificate for your staging ( stagingwork.example.com ) and development ( devwork.example.com ) servers (those are separate from your production servers, correct? :) ). One certificate, many hosts and domain names.


Wildcard SSL Certificate can secure only first level sub-domains of the common name (CN), so when the certificate issued for *.example-private.com it can secure the root domain and it's all first level sub-domains as below. 

staging.example-private.com
mail.example-private.com
anything.example-private.com

To secure second level sub-domains as *.staging.example-private.com, you have two options.

1. Purchase another wildcard certificate:

Your administrator needs to purchase the different certificates for each one and manage all certificates configuration, renewal, expiry, and installation.

2. Purchase Multi-Domain wildcard certificate:

This product allows you to secure up to 100 websites and its unlimited sub-domains with a single certificate. You need to set *.example-private.com as your primary domain name and add another domain names in the SAN field.

For Example:

*.example-private.com
*.staging.example-private.com
*.anysub.example-private.com
*.anydomain.tld

For more information about how multi-domain wildcard certificate works, you can refer this link - https://www.ssl2buy.com/comodo-multi-domain-wildcard-ssl.php

Related

Where are the ntpd log file located, and how can we configure the ntpd log file path?
proFTPD unable to determine IP address
Free / Cached / Available memory on Linux
CNAME okay for primary DNS record?
How compatible are SFPs really?
redirect to domain without www
Load balancing and HTTPS strategies
Understanding exim configuration files
How can I eliminate the huge, cached MSI files in C:\Windows\Installer?
Shared File Systems between multiple AWS EC2 instances
ext3_dx_add_entry: Directory index full
What are semaphores and how are they caused?