What are the pros and cons of a wildcard certificate?


What are the pros and cons of a wildcard certificate?


Wildcard certificates give you the ability to secure an unlimited amount of subdomains within a domain name.  While this may seem like a great idea, there are some drawbacks you need to consider.

If you have many subdomains (such as www1.domain.com, www2.domain.com, www3.domain.com, etc.) then you can use a single wildcard certificate (*.domain.com) to secure all of them.  This may make sense when you have a large number of subdomains, or your list of subdomains in use is constantly changing.

The biggest concern with wildcard certificates is that when one server or sub-domain covered by the wildcard is compromised, all sub-domains may be compromised.  In other words, the upfront simplicity of the wildcard can create significant problems should things go wrong.


While QuoVadis issues wildcard certificates, we recommend the use of SAN (Subject Alternative Name) certificates as a more secure option.  Like the wildcard, a SAN certificate allows the certificate to cover multiple URLs, but restricts it to a specific list of URLs.   The QuoVadis Trust/Link system simplifies your ability to replace the certificate should your desired list of SAN entries change during the validity period.

Add Feedback