SSL Web Server Wildcard Certificate FAQs

What is a SSL Web Server Wildcard Certificate?

A SSL Web Server Wildcard Certificate is a single certificate, with a wildcard character in the domain name field. This allows the certificate to secure multiple sub domain names (hosts) within the same domain. For example, a wildcard certificate for *.domain.com, could be used for www.domain.com, mail.domain.com, store.domain.com, in fact, any sub domain name in the domain.com domain. When a client checks the sub domain name in this type of certificate , it uses a shell expansion procedure to see if it matches.

When should I request a SSL Web Server Wildcard Certificate?

You should request an SSL Web Server Wildcard Certificate if you wish to secure a number of sub domains, such as 'secure.domain.com', 'www.domain.com', and 'mail.domain.com' with a single certificate. You can do this with an SSL Web Server Wildcard Certificate that looks like '*.domain.com'. Note, it is imperative that you should check your software documentation to make sure your server supports wildcard certificates.

How do I request a SSL Web Server Wildcard Certificate?

The SSL Web Server Wildcard Certificate is available only through the thawte Reseller Program. Using thawte’s online enrollment form, create your CSR (Certificate Signing Request) using a * in the domain name field. It should look something like: *.domain.com. For pricing and purchase information, please contact the Sales team via email spkisales@thawte.com or via live chat: https://www.thawte.com/chat/chat_SPKI_new.html

Do SSL Web Server Wildcard Certificates work with all servers and browsers?

When you attempt to connect to a secure site with Microsoft Internet Explorer 5.01 using Windows 2000, you may receive a Security Alert dialog box that contains the following message: "The name on the security certificate does not match the name of the site." This problem occurs when you attempt to connect to a site that uses wildcard certificates. You can download a patch, included in Service Pack 1 for IE5.01 , which will resolve the problem.

When you attempt to connect to a secure site with Microsoft Internet Explorer using Windows 95 or 98, you may receive a Security Alert dialog box that contains the following message: "The name on the security certificate does not match the name of the site." This problem occurs when you attempt to connect to a site that uses wildcard certificates. Unfortunately Windows 95 and 98 do not support the wildcard Unicode character therefore SSL Web Server Wildcard Certificates are not supported on these platforms.

SSL Web Server Wildcard Certificates work with most servers. If you are not sure, please request a Free Test SSL Certificate, and check your server documentation.

Please note: Wildcard matching works on Windows 2000 and later although you must be running at least Service Pack 2 on Windows 2000 and Service Pack 6a on Windows NT4. You will not be able to request an SSL Web Server Wildcard Certificate on Windows 2000 or Windows NT4 prior to those service packs as it will create wildcard domains using Unicode characters in the CSR.

Can I share the IP address with all the sub domain names?

Yes, because the same certificate will be used to secure all the sub domain names associated with a domain name you can share the IP address with all the sub domain names. SSL by nature of the protocol is IP based but in this case as the same certificate will be used by all the sub domain names you can configure name-based virtual hosts instead of IP -based virtual hosts.

What is the difference between a SSL Web Server Wildcard Certificate license and a standard SSL Certificate license when securing multiple servers?

The licensing for a SSL Web Server Wildcard Certificate differs somewhat from the licensing for standard SSL certificates (Web Server, SGC SuperCert , and SSL123 Certificate). Please see below for the distinctions.

Licensing for SSL Web Server Wildcard Certificates:

A SSL Web Server Wildcard Certificate secures all the sub domain names associated with a domain name on one server. If you wish to secure multiple sub domain names associated to the same domain name on a second or third server you will need to request additional licenses. The license allows you to install the same SSL Web Server Wildcard Certificate on the second and third server. For example, let’s say you have a load balancing environment and wish to secure three sub domain names on three servers (i.e. secure.domain.com, mail.domain.com and www.domain.com); in this case you will need to request one SSL Web Server Wildcard Certificate and two licenses. The license is for each additional server the same SSL Web Server Wildcard Certificate will be installed on, however you can secure an unlimited amount of sub domain names on the server(s).

Licensing for SSL Web Server Certificate, SGC SuperCert and SSL123 Certificates:

On the other hand , the SSL Web Server Certificate, SGC SuperCert and SSL123 Certificate may only be used to secure the exact sub domain name (www) and domain name (domain.com) listed on the certificate application. For example, if you wish to secure two different sub domain names associated with the same domain name (i.e. www.domain.com and mail.domain.com) you will need to request two certificates, one for www.domain.com and another for mail.domain.com. If you wish to secure two different sub domain names on two servers in a load balancing setup you will need to request two certificates, one for each sub domain name in question and two licenses, one for each additional server the two certificates would be installed on.

Please note that the use of one certificate on more than one device can result in increased security risks to your network and that thawte expressly disclaims any liability for breaches of security that result from the distribution of a single private key across multiple devices.