Wildcard certificates allow businesses to secure a main domain and an unlimited number of subdomains. A wildcard certificate can be a cost- and labor-saving SSL solution, especially for businesses that have many subdomains or frequently need new ones.
The wildcard name comes from the * character, which is often referred to as an asterisk in Norwegian, but is often referred to as a wildcard in an IT context. For example, a wildcard certificate for *.example.com can cover test.example.com, mail.example.no, blog.example.no and so on.
SSL certificates are issued with three levels of validation – the process that verifies the identity of those operating the website. DV stands for Domain Validation. DV certificates are the simplest and most commonly used level of SSL.
Commfides offers wildcard solutions for two levels of security within SSL certificates:
DV (Domain Validation): Basic protection, ideal for smaller websites.
OV (Organization Validation): More secure solution that verifies your organization’s identity.
In order to be issued a DV certificate, it only needs to be verified that the person who wants to be issued the certificate has control of the domain. There is no thorough check of who is behind it, as there is for the higher security levels.
Since DV certificates do not require a background check of the applicant, it is possible for dishonest actors to use the certificates on their websites. DV certificates are therefore not recommended for online stores or other websites that handle sensitive data and require a high degree of trust.
Wildcard certificates cannot be issued at EV level (Extended Validation), which is the highest security level for SSL. This is because EV certificates require the company to have full control over domains when they are issued, and this is not possible in principle since new domains can be added later.
Another limitation of wildcard certificates is that they only cover one level of subdomains. A certificate for *example.no covers test.example.no but not web.test.example.no. Nor can a wildcard certificate cover an additional main domain such as examples.no
