How to secure multi-level subdomains with Wildcard certificates?

messi62

SSL certificates can protect websites of any size and complexity. Since HTTPS became a requirement, more and more users have learned how to install and manage SSL certificates on various platforms. However, less tech-savvy users face serious problems when multi-level subdomains come into play.

Unlike regular websites that use a single SSL certificate, you can encrypt multi-level subdomains using different types of certificates. The million dollar questions: How many SSL certificates do you need to secure multi-level subdomains? Is a wildcard certificate enough for multi-level subdomains? In this article, we will answer this question and take a closer look at subdomain security.

Table of contents

Wildcard SSL Certificates – A Brief Overview
Wildcard Certificates for Second Level Subdomains
Encrypt multi-level subdomains with Multi-Domain Wildcard SSL Certificates.
Wildcard SSL Certificates – A Brief Overview
We've already covered Wildcard SSL in detail in our blog and FAQ sections. But for this post, let's recap its capabilities and limitations.

A regular SSL certificate protects a single domain mobile app development service name or fully qualified domain name (FQDN). These two parameters must match for the certificate to be valid. With the wildcard option, you can protect an unlimited number of first-level subdomains along with your primary domain, all within a single SSL installation.

When you order an SSL certificate , the first step is to generate a CSR (Certificate Signing Request) . For a Wildcard certificate, you need to add an asterisk (*) before the domain name you want to secure. . You can encrypt any subdomains you want along with the single domain without an additional certificate.




A single wildcard certificate encrypts an unlimited number of subdomains at a single level. For example, a wildcard certificate for *.yourdomain.com would encrypt:

But what if you need to secure two-level or multi-level subdomains? Do you need multiple Wildcard SSL certificates ?

Wildcard Certificates for Second Level Subdomains
In the Domain Name System (DNS) hierarchy, a second-level subdomain is a subdomain that appears directly below the first subdomain. Confused? Here's what that would look like in a URL:

To create a CSR that provides a wildcard certificate for a second-level subdomain, you need to know the subdomain you want to subdivide further. For example, if you used a first-level wildcard with the FQDN  then that wildcard would represent mail The list of these first-level wildcards can include anything you choose, and you don't need multiple certificates to protect them.

Now, to create a subdivision within you must generate a CSR with the format *.blog.yourdomain.com instead of FQDM. Here, the asterisk replaces all potential second-level subdomains of the “blog” subdomain.

But what happens if you want to add a second-level subdomain to one of your other subdomains, such as news.yourdomain.com? You'll need another wildcard certificate.