Wildcard SSL Certificates
What is a wildcard certificate and for whom is it suitable? In short: a single SSL certificate that secures unlimited subdomains.
With a single wildcard SSL certificate it is possible to secure several subdomains that reside on the same server and on the same domain level. You get a certificate for *.hereyourname.com and can connect as many subdomains as you want. This is useful for organizations that host a single domain but different subdomains (e.g. webmail.hereyourname.com, http://www.hereyourname.com and shop.hereyourname.com).
Note: Due to the SSL protocol, it is not possible to use your wildcard certificate for *.*.hereyourname.com, such as example.example.hereyourname.com. It covers only one subdomain level: *.hereyourname.com, such as example.hereyourname.com.
The wildcard SSL certificate is an affordable and efficient way to secure several subdomains with a single certificate. A big difference from a SAN SSL certificate is that you do not have to list your subdomains when you register. This is handy if you need a temporary subdomain, for instance.
A Wildcard SSL certificate secures your website URL, and an unlimited number of its subdomains. A single Wildcard certificate can secure both http://www.coolexample.com, and blog.coolexample.com.
Wildcard certificates secure all of the subdomains at the level you specify when you submit your request. Just add an asterisk (*) in the subdomain area of the common name where you want to specify the wildcard. For example:
If you configure *.coolexample.com, you can secure
If you configure *.www.coolexample.com, you can secure
Wildcard certificates secure websites the same as a regular SSL certificate, and requests are processed using the same validation methods. However, some Web servers might require a unique IP address for each subdomain on the Wildcard certificate.
NOTE: A Wildcard certificate secures only the level of subdomain you specify. So, if a certificate is configured for *.www.coolexample.com, it will not secure http://www.coolexample.com.
SAN Certificates: Subject Alternative Name
What is Subject Alternative Name?
Subject Alternative Names protect multiple host names with a single SSL certificate. The extension lets you specify a list of host names to be protected by a single SSL certificate.
The Subject Alternative Name extension has been a part of the X509 certificate standard since before 1999, but
What can Subject Alternative Names do?
Secure host names on different base domains in one certificate. Virtual-host multiple SSL sites on a single IP address. Hosting multiple SSL-enabled sites on a single server typically requires a unique IP address per site, but a certificate with Subject Alternative Names can solve this problem. Microsoft IIS 6 and Apache can both virtual-host HTTPS sites using a Unified Communications SSL certificate, also known as a SAN certificate.
SAN Certificates can secure:
Using a SAN certificate saves the hassle and time involved in configuring multiple IP addresses on Exchange 2007
How do browsers use the Subject Alternative Name field in an SSL certificate?
When browsers connect to a server using HTTPS, they check that the SSL certificate matches the host name in the address bar.
There are three ways for browsers to find a match:
1. The host name (in the address bar) exactly matches the Common Name in the certificate’s Subject.
2. The host name matches a wildcard common name. For example, http://www.example.com matches the common
3. The host name is listed in the Subject Alternative Name field.
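The three matching rules above, together with the one-level limit on wildcards described earlier, as an added Python example (not code from the original page or from any browser). The function names and the sample names in the demo are constructed for illustration, and refusing patterns such as *.com is an assumption of this sketch.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, host):
    """True if a certificate name (possibly '*.example.com') covers host."""
    if "*" in host:                      # a real host name never contains '*'
        return False
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):                 # '*' stands for exactly one label
        return False
    if p[0] == "*":
        # Assumption of this sketch: refuse over-broad patterns such as '*.com'.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    # A '*' anywhere else is compared literally, so it never matches a host.
    return p == h


def match_certificate(host, common_name, san_dns_names=()):
    """Return which of the three rules matched: exact-cn, wildcard-cn, san, or None."""
    if name_matches(common_name, host):
        return "wildcard-cn" if common_name.startswith("*.") else "exact-cn"
    for san in san_dns_names:
        if name_matches(san, host):
            return "san"
    return None


if __name__ == "__main__":
    # Constructed sample certificates: (host, Common Name, SAN list)
    samples = [
        ("blog.coolexample.com", "*.coolexample.com", []),
        ("a.b.coolexample.com", "*.coolexample.com", []),        # two levels deep
        ("www.coolexample.com", "*.www.coolexample.com", []),    # wrong level
        ("shop.www.coolexample.com", "*.www.coolexample.com", []),
        ("coolexample.com", "*.coolexample.com", ["coolexample.com"]),
        ("mail.coolexample.net", "www.coolexample.com", ["mail.coolexample.net"]),
    ]
    for host, cn, sans in samples:
        print(f"{host:28} CN={cn:24} -> {match_certificate(host, cn, sans)}")
```

In the fifth sample the bare domain is accepted only because it appears in the SAN list; the wildcard pattern itself does not cover it.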
Comparing the Server Name it connects to with the Common Name in the Server certificate is a common way SSL
Which SSL clients support Subject Alternative Names?
Most mobile devices support Subject Alternative Names, but all of them support exact Common Name matching.
Because not all mobile devices support the Subject Alternative Name field, it is safer to set the Common Name to the server name that most mobile devices will use. It may be necessary to use both SAN certificates and other SSL certificates where the client environment is highly diversified and may include clients that do not support SAN certificates.