Difference between wild card SSL [duplicate]

I have deployed SSL certificates on various websites; however, this wildcard SSL certificate is totally new to me. My question is: if I buy an SSL certificate for *.example-private.com, will it work for *.staging.example-private.com, or do I have to buy a different wildcard SSL certificate for the staging site? I am going to implement this on new sites.


A wildcard covers only one level. So *.example.com will cover foo.example.com, bar.example.com, and staging.example.com but not foo.staging.example.com or example.com.

However you can have multiple names (including wildcards) on the same certificate, so in principle a single certificate could be issued covering all the above names.

I know that CAs will happily issue certificates covering both example.com and *.example.com; I'm not sure what typical policies are on issuing certificates with more names.

Also I would question whether this is really what you want. Do you really want to put your production secrets on your staging server?
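The one-level rule and the multi-name option described in this answer, as an added example that is not part of the original answers. It is a simplified matcher in the spirit of RFC 6125 (wildcard only as the whole left-most label, ASCII names only); the function names and the sample SAN lists are constructed for illustration.

```python
# Added example: simplified wildcard matching in the spirit of RFC 6125.
# Assumptions: wildcard only as the entire left-most label; ASCII names only.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Only the left-most label may be a wildcard; the rest must match exactly.
        return "*" not in "".join(p_labels[1:]) and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def cert_covers(san_list, hostname):
    """Return the SAN entries that cover hostname (empty list = not covered)."""
    return [san for san in san_list if san_matches(san, hostname)]


def coverage_report(san_list, hostnames):
    """Map each hostname to the SAN entries that cover it."""
    return {h: cert_covers(san_list, h) for h in hostnames}


# Constructed sample data using the names from the question.
SINGLE_WILDCARD = ["*.example-private.com"]
MULTI_NAME = ["example-private.com", "*.example-private.com",
              "*.staging.example-private.com"]
HOSTS = ["example-private.com", "staging.example-private.com",
         "foo.staging.example-private.com"]

if __name__ == "__main__":
    for label, sans in (("single wildcard", SINGLE_WILDCARD),
                        ("multi-name", MULTI_NAME)):
        print(label)
        for host, hits in coverage_report(sans, HOSTS).items():
            status = "covered by " + ", ".join(hits) if hits else "NOT covered"
            print(f"  {host:35} {status}")
```

Running it shows that the single wildcard covers only staging.example-private.com, while the multi-name list covers all three hosts, each through a different SAN entry.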


A wildcard only matches one domain level, so *.staging.example.com would not be matched and you need another cert for subdomains of it.

https://en.wikipedia.org/wiki/Wildcard_certificate


As mentioned by Peter and Sven, a wildcard will only support one wildcard level in the domain name. This said, you have many possible ways to implement a naming scheme.

You can easily set up the servers in your production environment ( work.example.com ) and use the same certificate for your staging ( stagingwork.example.com ) and development ( devwork.example.com ) servers (those are separate from your production servers, correct? :) ). One certificate, many hosts and domain names.


A wildcard SSL certificate can secure only first-level sub-domains of the common name (CN), so when the certificate is issued for *.example-private.com it can secure the root domain and all its first-level sub-domains, as below.

staging.example-private.com
mail.example-private.com
anything.example-private.com

To secure second-level sub-domains such as *.staging.example-private.com, you have two options.

1. Purchase another wildcard certificate:

Your administrator needs to purchase a different certificate for each one and manage all certificate configuration, renewal, expiry, and installation.

2. Purchase a multi-domain wildcard certificate:

This product allows you to secure up to 100 websites and their unlimited sub-domains with a single certificate. You need to set *.example-private.com as your primary domain name and add other domain names in the SAN field.

For example:

*.example-private.com
*.staging.example-private.com
*.anysub.example-private.com
*.anydomain.tld

For more information about how a multi-domain wildcard certificate works, you can refer to this link - https://www.ssl2buy.com/comodo-multi-domain-wildcard-ssl.php