The best way to secure and protect sub-domains is with a WildCard SSL Certificate. These certificates offer convenience and affordability because a single public key certificate can be used with multiple sub-domains of a domain. Instead of purchasing and administering a separate SSL Certificate for each sub-domain, a business can use one WildCard SSL Certificate.
While WildCard SSL Certificates provide versatility, only a single level of sub-domain matching is supported. For example, a *.company.com WildCard could cover subscribe.company.com, payment.company.com, login.company.com, or contact.company.com. During the installation process, however, there have been recommendations to change the WildCard domain name to match the actual account domain name (rather than installing as *.company.com). It is possible to have a WildCard SSL Certificate installed to more than one sub-domain on a single IP address.
However, if you update a WildCard SSL Certificate that is installed to more than one sub-domain on a single IP address, the single IP address setup might not be retained. Without manual configuration, each sub-domain or domain will then need its own dedicated IP address. cPanel can be used for easier management of dedicated IP addresses when each site needs its own IP for SSL.
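The single-level matching rule described above, written out as an added example (not part of the original article): the wildcard stands for exactly one left-most label, so the bare domain and deeper sub-domains are not covered. The function names and the sample host list are constructed for illustration, and rejecting patterns such as *.com by a simple label count is a simplification.

```python
"""Single-level wildcard matching for certificate names (added example)."""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; a trailing dot marks the root and is ignored.
    return name.strip().rstrip(".").lower().split(".")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by certificate name `pattern`."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False  # empty label, e.g. "a..company.com"
    if p[0] != "*":
        return p == h  # no wildcard: exact match only
    # The wildcard must be the whole left-most label and the only one.
    if "*" in p[1:] or len(p) < 3:
        return False  # rejects "*.*.company.com" and "*.com"
    # "*" stands for exactly one label, so the label counts must be equal.
    if len(h) != len(p) or "*" in h[0]:
        return False
    return h[1:] == p[1:]


def split_coverage(pattern: str, hostnames: list[str]) -> tuple[list[str], list[str]]:
    """Partition hostnames into (covered, not_covered) for one certificate name."""
    covered = [n for n in hostnames if wildcard_matches(pattern, n)]
    missing = [n for n in hostnames if n not in covered]
    return covered, missing


# Constructed sample inventory for the article's *.company.com example.
SAMPLE_HOSTS = [
    "login.company.com",
    "Payment.Company.com.",
    "company.com",                    # bare domain: no label where "*" is
    "api.login.company.com",          # two levels deep
    "login.company.com.example.net",  # different parent domain
]

if __name__ == "__main__":
    ok, missing = split_coverage("*.company.com", SAMPLE_HOSTS)
    print("covered:    ", ok)
    print("not covered:", missing)
```

Running an inventory of host names through `split_coverage` before ordering shows which names would still need their own certificate.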
Installing the WildCard SSL Certificate at WHM
The WHM menu path which is used to install SSL Certificates is:
WHM: Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain
- Copy and paste the WildCard SSL Certificate into the first text area.
- Allow the rest of the text areas to be filled in automatically.
- Confirm that the SSL Key and CA bundle are accurate.
- Switch the WildCard domain name to match the actual account domain name.
- Double check that the username and IP address match the actual account involved.
Issues with the WildCard SSL Certificate
Some mobile devices might not be able to connect because of authentication issues if the customer’s browser does not trust the certificate. To help prevent this error, it is best to use a trusted provider of WildCard SSL Certificates that issues a certificate the user’s browser will rely on. Basic browsers that do not support “Certificate Request” may have problems because the certificate appears invalid due to lack of verification. Intermediate Certificates are used to connect an SSL Certificate to a trusted root certificate. Commercial Certificates have the trusted root certificate built in.
Although many platforms, devices, servers, and services work well with WildCard Certificates, there are some that are incompatible, such as:
- Microsoft Office Communications Server
- Microsoft Lync Server
- Oracle Wallet Manager
- Windows Mobile 5 Devices
The WildCard SSL Certificate as a Solution
There are different products which can be used to provide SSL for websites. It is important to consider which domains and sub-domains need to be protected, how they can best be protected, and what cost is affordable for the business. A WildCard SSL Certificate is a versatile tool, although it does have its limitations. IT Professionals and Web Security Experts should consider the effectiveness of the WildCard SSL Certificate in providing the security they need in the areas that they desire.
Money can be saved with a certificate such as the WildCard by avoiding the individual costs of various other certificates. So long as the WildCard has been properly installed, it is a great resource for easier, cost-effective web security administration. As mentioned before, the WildCard SSL Certificate will only apply to those servers which are compatible, and only to secure and protect sub-domains. There are other options if protection is needed for various domain names.