Entrust Wildcard SSL

TLS/SSL Certificates

Most SSL/TLS certificates are issued to a single Fully Qualified Domain Name (FQDN), e.g., www.example.com, and can only be used to secure the exact domain to which they have been issued. A Wildcard SSL certificate is instead issued to a “Common Name” of *.example.com, and a Subject Alternative Name (SAN), allowing the certificate to be used for an unlimited number of subdomains across an unlimited number of servers. A single Wildcard SSL certificate secures one domain, *.example.com, and unlimited subdomains: www.example.com, buy.example.com, dev.example.com, mail.example.com, etc.

Entrust Wildcard SSL Certificates can also secure multiple Wildcard SANs. The SAN ensures that the Wildcard certificate works with or without a subdomain: *.example.com, *.example.net, *.sample.com, .examplesample.com.

The combination of flexibility and value gives system administrators the ability to easily add subdomains without the costs or tasks involved with deploying new certificates. Plus, all Entrust Wildcard SSL certificates come with a website security bundle to find malware on your website and protect it from being blacklisted.

Our Wildcard offering is the only Wildcard certificate that can also support up to 250 Subject Alternative Names (SANs), allowing you to add other domain names and even unrelated Wildcard domains to one certificate.

A single Wildcard certificate and its corresponding private key can be used on multiple servers, and can lend the appearance of legitimacy to a fictitious or fraudulent subdomain name. Both properties leave Wildcard certificates open to vulnerabilities. Using a single Wildcard certificate to protect multiple servers requires exporting the key pair from one machine and importing it into one or more other machines. This creates a security vulnerability because the private key now exists in multiple locations, and the value of that one private key is much greater because it protects more resources. This practice ultimately bypasses controls for those subscribers who rely on the certificate approval procedure to monitor the authorization of new servers and new domains.

There are two main attacks facilitated by multi-server certificates:

  • Eavesdropping: an attacker finds their way inside the network and gains the ability to intercept user traffic.
  • Impersonation: an attacker impersonates a genuine resource within the domain. A victim is lured to a fraudulent resource in the certified domain through a phishing attack.

Properly managed Wildcard SSL certificates can provide increased flexibility for system administrators, but they do come with increased risk. Entrust recommends using proper safeguards when deploying Wildcard Certificates. Download the white paper for a more detailed analysis.
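One safeguard against the two risks described above, private keys copied to several servers and hostnames that bypass the approval procedure, is a periodic audit of a certificate inventory. The following is an added example, not Entrust code: the inventory rows, server names, key fingerprints and approved list are all constructed, and the matcher uses the common rule that `*` covers exactly one left-most label.

```python
from collections import defaultdict

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against a SAN; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # *.example.com does not cover a.b.example.com
    if p[0] == "*":
        # Simplification (assumption): refuse wildcards directly under a TLD.
        return len(p) > 2 and p[1:] == h[1:] and h[0] != ""
    return p == h

# Constructed scan results: (server, hostname served, public-key fingerprint, SANs).
INVENTORY = [
    ("srv-a", "www.example.com", "spki-1111", ["*.example.com"]),
    ("srv-b", "mail.example.com", "spki-1111", ["*.example.com"]),
    ("srv-c", "login-portal.example.com", "spki-1111", ["*.example.com"]),
    ("srv-d", "buy.example.com", "spki-2222", ["buy.example.com"]),
]
# Constructed list of hostnames that went through the approval procedure.
APPROVED = {"www.example.com", "mail.example.com", "buy.example.com"}

def audit(inventory, approved):
    """Flag unapproved hosts covered only by a wildcard, and keys on several servers."""
    by_key = defaultdict(set)
    findings = []
    for server, host, spki, sans in inventory:
        by_key[spki].add(server)
        matched = [s for s in sans if wildcard_matches(s, host)]
        if any(s.startswith("*.") for s in matched) and host not in approved:
            findings.append(("unapproved-host-under-wildcard", host, server))
    for spki, servers in sorted(by_key.items()):
        if len(servers) > 1:      # the same private key exists in multiple locations
            findings.append(("key-on-multiple-servers", spki, tuple(sorted(servers))))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, APPROVED):
        print(finding)
```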