To keep your site and your visitors’ information safe, you can choose a hosting platform like CMS Hub or a hosting provider that includes SSL certification in its plans. Or you can purchase and install certification from a third-party provider.
When surveying your options, you’ll notice that there’s not just one type of SSL certificate. There’s wildcard SSL certificates, multi-domain certificates, and more. To choose the one that’s right for you, consider how many domains and subdomains you need to manage your business online.
Let’s say you need a custom domain as well as multiple subdomains. For example, HubSpot’s primary domain, hubspot.com, is its main site. You can find information about its products, partners, and more here. HubSpot also owns the subdomains blog.hubspot.com, academy.hubspot.com, knowledge.hubspot.com, and developers.hubspot.com. Each of these subdomains host different properties: the HubSpot blogs, HubSpot Academy, HubSpot Knowledge Base, and HubSpot developers.
To secure these subdomains as well as its root domain, imagine having to purchase, install, and renew an SSL certificate for each. This would cost a lot in dollars and time. Now imagine if you could simply purchase and install one certificate to secure your root domain and all your subdomains. Sounds way simpler, right?
You can do exactly that with a wildcard SSL certificate. Below we’ll take a closer look at what wildcard SSL certificates are, how they work, and how much they cost.
What is a wildcard SSL certificate?
A wildcard SSL certificate is a single certificate used to secure a primary domain and an unlimited number of related subdomains. This type of SSL certificate is a cost-effective option for organizations running and managing a large business site with multiple subdomains.
When purchasing a wildcard SSL certificate, you can configure it to *.yourdomain.com. The asterisk will act as a placeholder for all possible subdomains of yourdomain.com.
A wildcard SSL certificate seems similar to a multi-domain certificate but it has one major difference. While a wildcard SSL certificate can secure unlimited subdomains, it can only secure one root domain. A multi-domain certificate, on the other hand, can secure multiple root domains. This type of certificate is also known as a Subject Alternative Names (SAN) certificate or a Unified Communications certificate (UCC).
Let’s look at an example. Say I’m an entrepreneur with multiple side businesses and have a site for each business. These sites include:
If I want to secure all of these sites on one certificate, then I could purchase a multi-domain certificate.
But what if I have one domain that connects all these sites as multiple subdomains instead? That means the sites I wanted to secure would look something like:
In that case, I’d need a wildcard SSL certificate.
Since multi-domain certificates often only cover a limited number of domains and wildcard SSL certificates cover one primary domain and an unlimited number of subdomains, multi-domain certificates are usually less expensive than wildcard SSL certificates. But wildcard SSL certificates will be more cost-effective in the long run for businesses that add more and more subdomains under their root domain.
Before we dive into how wildcard SSL certificates work, let’s look at the average cost of this type of certificate.
Wildcard SSL Certificate Price
The cost of a wildcard SSL certificate ranges from $40 to upwards of $1,000 per year, depending on the certificate provider and features included.
For example, Comodo is one of the most popular providers. Its cheapest option, the ComodoCA SSL DV Wildcard Certificate, starts at $359 per year. It includes a $250,000 warranty in case the certificate is installed incorrectly as well as daily scans for threats and other security issues.
Its most expensive option, SectigoSSL DV Wildcard Enterprise Bundle, costs $671 per year. In addition to the features offered on the cheapest certificate, this includes automatic security patching, infection removal, backups and restores, a built-in CDN and firewall.
To pick the wildcard SSL certificate that’s right for you, check what security features your website building platform offers. For example, CMS Hub comes with a built-in CDN, firewall, and 24/7 security monitoring and threat detection so you won’t need to pay for a more expensive certificate that offers those features.
Now that we understand what a wildcard SSL certificate is (and what it’s not) and how much it can cost, let’s take a closer look at how it works.
How do wildcard SSL certificates work?
Wildcard SSL certificates work in a similar way to single certificates — data is encrypted through a set of keys, including a public key that is stored on the digital certificate and a private key that is only kept on the server. The difference is that a wildcard SSL certificate and its private key can be copied and uploaded to as many servers as needed to host the primary domain and all of its subdomains.
Once installed, all web traffic between a visitor’s browser and any of the web servers will be encrypted. That means if a hacker intercepts a message between a visitor’s browser and your website’s server, all they’ll see is a bunch of encrypted code. That’s because only the server has the private key that can “unlock” the message.
This particular kind of cryptography — known as public key cryptography — is not foolproof though. In fact, there are specific security drawbacks to using a wildcard SSL certificate. If you use the same certificate and private key across multiple servers, then an attack on one server that reveals the private key might compromise your primary domain and all of your subdomains.
To make your sites less vulnerable, some certificate providers allow you to create unique private keys for each copy of the wildcard SSL certificate you upload to a server. While that will make managing your certificate more difficult, it will make your sites less vulnerable to hackers and other security threats.
Protecting Your Business Online
Using a wildcard SSL certificate, you can protect visitors on your primary domain as well as any related subdomains. This will ensure you can protect your growing online business, while keeping your certificate management and costs low.
Originally published Apr 29, 2020 7:00:00 AM, updated June 14 2022