If you have many subdomains, buying a separate certificate for each gets tedious. A wildcard SSL covers them all with one *.example.com certificate. How it works, what it doesn't cover, and when it's the right choice.
GetYourSSL Team5 min readCertificate Types
A wildcard secures all first-level subdomains of a domain with a single certificate.
Disclosure: GetYourSSL is an affiliate partner of SSL.com. If you buy through our links, we may earn a commission at no extra cost to you.
As a site grows, subdomains multiply: www, blog, shop, app, mail… Buying a separate certificate for each is both costly and hard to manage. This is exactly where a wildcard certificate comes in.
What Is a Wildcard SSL?
A wildcard SSL is a certificate whose common name is *.example.com. The asterisk (*) stands in for all first-level subdomains of that domain. So blog.example.com, shop.example.com, and app.example.com — any number of subdomains — are secured by one certificate. Most wildcards are issued to cover both example.com and *.example.com.
What It Covers and What It Doesn't
Hostname
Covered?
blog.example.com
✅ Yes (first level)
shop.example.com
✅ Yes
example.com (apex)
✅ Usually added to the SAN
a.blog.example.com
❌ No (second level)
anotherdomain.com
❌ No (different domain)
⚠️
A wildcard covers one level*.example.com only secures direct subdomains. Nested addresses like a.b.example.com are out of scope; for those you'd need a separate wildcard or a multi-domain (UCC/SAN) certificate.
When Should You Get a Wildcard?
You have many subdomains — and don't want to manage a certificate for each.
Dynamic subdomains — if you generate per-user addresses like customer1.example.com.
Simpler management — one renewal, one installation, one private key.
🏷️
There's no EV wildcardWildcard certificates are issued as DV or OV. Under industry rules, EV wildcards aren't issued; if you need EV-grade identity, a multi-domain EV certificate is worth considering.
One certificate, every subdomain — as long as they're one level deep.
G
GetYourSSL Team
We translate the SSL/TLS world into plain English (and Turkish). Independent affiliate partners of SSL.com, focused on helping you pick the right certificate — not the most expensive one.