Wildcard SSLs secure an unlimited amount of subdomains along with a domain name.This means that once you obtain the certificate, you are able to secure all one-level subdomains with the same certificate file.
The great feature of a wildcard certificate is that you do not need to reissue it every time you create a new subdomain and want to secure it. With a wildcard certificate, you already have all the certificate files necessary to secure a new subdomain right away.
Here are some examples of domains and subdomains that can be secured by a wildcard certificate:
Please note that wildcard coverage is performed only for one-level subdomains. So if the certificate is issued for *.example.com, second- or third-level subdomains (*.*.example.com) will not be secured.
It is also worth noting that you only need to validate the main domain name to have the certificate issued. Validation of each subdomain is not necessary.
A Wildcard certificate has the capability to protect users from Man-in-the-middle attack. This is where the attacker secretly relays (and can possibly alter) the communication between two parties who believe they are directly communicating with each other.
There are two validation levels of Wildcard certificates:
These certificates can be issued within 15 minutes and require only domain ownership verification. In their browser, users will see a green padlock icon as an indicator of the certificate having been installed.
- Organization Validation certificates (PremiumSSL Wildcard)
OV certificates are issued within 2 business days since they require verification of your company from a trusted corporate database such as Dun & Bradstreet, Hoovers, Bloomberg, etc. In your browser, you will see the padlock and can view company details by going to Certificate Details in the browser.
Unfortunately, there are no EV Wildcard certificates for public domains on the market due to security restrictions [9.2.2, p. 10] following the requirements of the Certificate Authority/Browser Forum.