Standard SSL Certificate or Wildcard SSL Certificate? Which is good for your website?
When you start working on a website, one of the first choices that you need to make is the choice of SSL certificate to use. There is a wide range of options available, with certificates classified in DV, OV, and EV categories. But even after you decide which of these certificate types is right for you, you are faced with another dilemma: a standard SSL certificate or a wildcard certificate! And you are like… Ah no, what kind of maze I am navigating through!
But do not worry, we have got you covered. By the end of this article, you will know clearly which types of ssl certificates you need and why. We hope you already understand what SSL is and what it does, so we are not going into those basics here, just jumping straight into the meat of the matter.
Without taking any more time, let us get started with a brief intro of both standards as well as wildcard SSL certificates.
What is a Standard SSL certificate?
A standard SSL certificate – also known popularly as a Single domain SSL certificate – provides protection to only one domain. You cannot protect multiple domains with it. But, you can even protect any of the subdomains that you create under your root domain. Nothing more, nothing less. If you want to protect multiple subdomains with a standard SSL certificate, you need to purchase multiple certificates for each of your subdomains.
With that in mind, now let us look on wildcard SSL certificates.
What is a Wildcard SSL certificate?
A wildcard SSL certificate is generated by adding a wildcard prefix (*) to the root domain name while generating the Certificate Signing Request (CSR). So instead of purchasing the certificate for your root domain, you purchase the certificate for *.yoursite.com, where * refers to any of the subdomains that you may create one level away from your root domain. What it means is that you can protect your main website as well as other websites created on various subdomains that are one level away from your root domain. For example, a wildcard SSL certificate purchased for yoursite.com can protect:
And so on. All subdomains that are immediately one-level away from your root domain can be protected with a wildcard certificate. Other subdomains that are more than one level away, however, cannot be protected with this certificate. Examples of such domains include:
As you can see, all these domains are two levels below in the hierarchy of the root domain. The root domain is yoursite.com, level 1 subdomains are payments, contact and blog – all of which can be protected with the wildcard certificate. On the other hand, subdomains which are 2nd levels below in the hierarchy are UK, service, and English, which cannot be protected with it.
Similarities between Wildcard and Standard SSL certificates
Before we dive into the differences of standard and wildcard SSL certificates, let us jump into the similarities that exist between both these certificates. First, the functionality and protection strength remains the same.
Both wildcard, as well as standard SSL certificates, protect your site through the same process and methodology, and both use 2048-bit RSA signature keys. Both certificates use 256-bit encryption.
Differences between Wildcard SSL and Standard SSL certificates
The first and the biggest difference, as we explained above, is in the number of domains and subdomains that you can protect. While a standard SSL certificate allows you to protect only the root domain of your site, a wildcard certificate extends the protection to all your subdomains that you create one-level away from the root domain.
- Sharing of keys: The second difference is in the sharing of private keys. While in standard SSL certificate the private key of the domain is not used by any of the other domain/subdomains; in wildcard SSL certificates the private key is shared between the various subdomains that you create on your site (thus facilitating the protection of all subdomains with one certificate). On the other hand, if you use a standard SSL certificate then you will have to purchase multiple such certificates to protect all your subdomains individually, and their keys will be separate.
- Cost: This difference is derived from the difference we just talked about. As you can imagine, if you purchase multiple SSL certificates for all your subdomains as well as the root domain, things are going to get quite dearer depending on the number of subdomains you’ve. On the other hand, if you purchase just a wildcard SSL certificate that works on all your subdomains then it will cost less.
- Certificate Management: Another difference between wildcard and standard SSL certificate is in the management of these certificates. As we explained above, while going through the standard route you need to create different SSL certificates for all your subdomains. However, while going through the wildcard route you can easily manage your certificates as you will have to manage only one certificate.
EV option not available: You cannot get an Extended Validation (EV) SSL certificate if you are opting for a wildcard certificate. The category just does not exist, and the reason behind that is linked to the sharing of private keys and authentication of each subdomain. EV SSL certificates come with the highest level of assurance and sharing of keys is not a good phenomenon.
If various subdomains in your organizations are used and accessed by people other than you, the shared keys can increase the risk of your SSL certificate being compromised by someone from within the organization.
It depends on the structure of your organization and the procedures you follow, but EV SSL certificates do not leave anything to the subjectivity of organizations, they simply do not offer the option of wildcard certificates.
If you want a wildcard SSL certificate, you must choose between a Domain Validation (DV) or Organization Validation (OV) SSL certificate.
Differences and similarities between wildcard and standard SSL certificates
Here is a brief look on the similarities and differences between both these certificates:
|Criteria||Wildcard certificates||Standard certificates|
|Encryption strength||Up to 256-bits||Up to 256-bits|
|RSA signature keys||2048-bits||2048-bits|
|Number of subdomains that can be protected||Unlimited||Only one – the www and non-www version of the root domain|
|Sharing of private keys||Shared between various subdomains||Not shared|
|Cost||Slightly expensive than standard certificates||Less expensive than wildcard certificates, but costs can add up if you need to protect multiple subdomains|
|Certificate management||Simple – you manage only one certificate for your root domain and all subdomains||Simple, only if you do not create subdomains or leave your subdomains unprotected|
|Types of certificates available||DV and OV. EV option not available||Available in all popular options – DV, OV, and EV|
Conclusion: Which certificate is best for your organization?
The answer to which certificate you should choose for your organization depends a lot upon the nature of your organization and the way you are planning to structure your website. If you are going to create a simple website with no subdomains at all, an unarguably standard SSL certificate will be cheaper and sensible for your organization.
On the other hand, if you are going to add some subdomains to your site in the near future or at the beginning itself, then you will need a wildcard certificate. However, keep in mind that if any of those subdomains are going to be managed or controlled by your staff, perhaps it’ll be better to purchase a separate standard SSL certificate to protect them so the keys of your root domain are not shared with such subdomains.
You can find the ideal balance of certificate cost and security based on this understanding of your organizational structure, and based on that you can choose which type of approach and route to take for your certificates:
- Standard SSL certificate
- Wildcard SSL certificate
Finally, this was the major difference between wildcard and standard SSL certificates. Hopefully, now you can decide which SSL certificate to choose for your organization.
If you still have any questions in your mind, please feel free to share them in the comments and we will try our best to answer them as soon as possible.
Also, share which type of certificate you have selected for your organization and why.