As a site grows, subdomains multiply: www, blog, shop, app, mail… Buying a separate certificate for each is both costly and hard to manage. This is exactly where a wildcard certificate comes in.

What Is a Wildcard SSL?

A wildcard SSL is a certificate whose common name is *.example.com. The asterisk (*) stands in for all first-level subdomains of that domain. So blog.example.com, shop.example.com, and app.example.com — any number of subdomains — are secured by one certificate. Most wildcards are issued to cover both example.com and *.example.com.

What It Covers and What It Doesn't

HostnameCovered?
blog.example.com✅ Yes (first level)
shop.example.com✅ Yes
example.com (apex)✅ Usually added to the SAN
a.blog.example.com❌ No (second level)
anotherdomain.com❌ No (different domain)
⚠️
A wildcard covers one level*.example.com only secures direct subdomains. Nested addresses like a.b.example.com are out of scope; for those you'd need a separate wildcard or a multi-domain (UCC/SAN) certificate.

When Should You Get a Wildcard?

🏷️
There's no EV wildcardWildcard certificates are issued as DV or OV. Under industry rules, EV wildcards aren't issued; if you need EV-grade identity, a multi-domain EV certificate is worth considering.

One certificate, every subdomain — as long as they're one level deep.

G
GetYourSSL Team
We translate the SSL/TLS world into plain English (and Turkish). Independent affiliate partners of SSL.com, focused on helping you pick the right certificate — not the most expensive one.