Wildcard Sub-Domain SSL Cert

Having not purchased a wildcard sub-domain SSL cert in the past, I wanted to do a sanity check before plopping down $200 on it... and I figured I'd put it here so others can take advantage of it in the future :-)

My two questions are:

  1. When generating the CSR -- what should the server name be set to? Would that be something like: *.example.com (ie, do I use a literal asterisk character in the name?)

  2. If I have multiple servers on the Net all with the same domain name -- server1.example.com, server2.example.com, server3.example.com, etc -- can that same wildcard SSL Cert and Key be copied across all the servers without issue?

Closed (fixed)


Depends on who your SSL issuer is, some CA's issue Wildcard certs that are limited to only to a single host (Thawte for example) while others allow you to use your cert on as many hosts as you want (Digicert is a good example). But there are other tradeoffs, most issuers that allow unlimited hosts are not direct root CA's and you need to install a chain certificate so the setup is a little more complex (see the SSL info for https://fatbox.ca for an example of the chained cert).

As for your CSR, you will need to put *.domain.com as the common name, with the literal asterisk.

Hope this helps.

PS. If you choose to go with DigiCert and feel like using my affiliate links, let me know :)

Yes, you should enter *.domain.com as the hostname in the CSR.

Since the CSR doesn't have any IP address in it that would tie it to a particular machine, the cert should work fine if copied to other systems hosting sites under the same DNS domain.

Automatically closed -- issue fixed for 2 weeks with no activity.