What are the pros and cons of a wildcard certificate?
Wildcard certificates give you the ability to secure an unlimited number
of subdomains within a domain name. While this may seem like a great
idea, there are some drawbacks you need to consider.
Pro:
If you have many subdomains (such as www1.domain.com, www2.domain.com,
www3.domain.com, etc.) then you can use a single wildcard certificate
(*.domain.com) to secure all of them. This may make sense when you have
a large number of subdomains, or your list of subdomains in use is
constantly changing.
Con:
The biggest concern with wildcard certificates is that when one server
or subdomain covered by the wildcard is compromised, all subdomains may
be compromised. In
other words, the upfront simplicity of the wildcard can create
significant problems should things go wrong.
Suggestion:
While QuoVadis issues wildcard certificates, we recommend the use of SAN
(Subject Alternative Name) certificates as a more secure option. Like
the wildcard, a SAN certificate allows the certificate to cover multiple
URLs, but restricts it to a specific list of URLs. The QuoVadis
Trust/Link system simplifies your ability to replace the certificate
should your desired list of SAN entries change during the validity
period.
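
To make the difference in scope concrete, the following added example (not QuoVadis code) compares which other hosts a server's certificate is also valid for when every server shares one wildcard versus when each server carries a SAN certificate with a specific list. The inventory, the "pay" and "dev" hostnames and the function names are constructed for illustration; matching assumes the common rule that "*" stands for exactly one leftmost label.

```python
# Added example: hostnames and certificate names below are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against one certificate DNS name.

    A wildcard is honoured only as the entire leftmost label and stands
    for exactly one label (the rule in RFC 6125, section 6.4.3).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered_hosts(cert_names, inventory):
    """Return the inventory hosts a certificate with these names can serve."""
    return [h for h in inventory if any(name_matches(n, h) for n in cert_names)]


def exposure(deployments, inventory):
    """For each server, list the other hosts its certificate key also covers.

    deployments maps the host a server actually runs to the DNS names in
    the certificate installed on it.
    """
    return {
        host: [h for h in covered_hosts(names, inventory) if h != host]
        for host, names in deployments.items()
    }


# Constructed inventory for the page's example domain.
INVENTORY = ["www1.domain.com", "www2.domain.com", "www3.domain.com",
             "pay.domain.com", "dev.www1.domain.com", "domain.com"]

# Option A: every server shares one wildcard certificate.
WILDCARD = {h: ["*.domain.com"] for h in ("www1.domain.com", "pay.domain.com")}

# Option B: SAN certificates restricted to a specific list of names.
SAN = {"www1.domain.com": ["www1.domain.com", "www2.domain.com", "www3.domain.com"],
       "pay.domain.com": ["pay.domain.com"]}

if __name__ == "__main__":
    for label, plan in (("wildcard", WILDCARD), ("SAN", SAN)):
        for host, others in exposure(plan, INVENTORY).items():
            print(f"{label:8} key on {host} also valid for: {others or 'nothing else'}")
```

Running the same comparison against your own host inventory and planned certificate names shows, per server, how many other names would need a replacement certificate if that server's key had to be treated as compromised.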