What are the pros and cons of a wildcard certificate?

Question

What are the pros and cons of a wildcard certificate?

Resolution

Wildcard certificates give you the ability to secure an unlimited amount of subdomains within a domain name.  While this may seem like a great idea, there are some drawbacks you need to consider.

Pro:
If you have many subdomains (such as www1.domain.com, www2.domain.com, www3.domain.com, etc.) then you can use a single wildcard certificate (*.domain.com) to secure all of them.  This may make sense when you have a large number of subdomains, or your list of subdomains in use is constantly changing.

Con:
The biggest concern with wildcard certificates is that when one server or sub-domain covered by the wildcard is compromised, all sub-domains may be compromised.  In other words, the upfront simplicity of the wildcard can create significant problems should things go wrong.

Suggestion:

While QuoVadis issues wildcard certificates, we recommend the use of SAN (Subject Alternative Name) certificates as a more secure option.  Like the wildcard, a SAN certificate allows the certificate to cover multiple URLs, but restricts it to a specific list of URLs.   The QuoVadis Trust/Link system simplifies your ability to replace the certificate should your desired list of SAN entries change during the validity period.



Add Feedback