Wildcard SSL certificates are designed to protect an unlimited number of subdomains on one domain name. This is very beneficial for many projects; however, the approach has its drawbacks. Wildcard certificates are becoming more affordable and more popular. In this article, we'll go over some of the pros and cons of this kind of certificate.
Wildcard Certificates Pros
Protect an unlimited number of subdomains. If you have only a few subdomains (for example: odd.domain.com, add.domain.com, income.domain.com), it may be easier to purchase an individual SSL certificate for each of them. If you have many subdomains, it is more convenient and more affordable to purchase one certificate that protects all of them.
Lower price. Although a wildcard certificate costs more than a single certificate, it can be worthwhile even for a small number of subdomains. Some certificate providers offer unlimited server licenses, so you can buy one certificate and use it on any number of web servers.
Easier to manage. Deploying 40 separate SSL certificates is a very difficult task, even when using a PKI-friendly interface to manage them. Keep in mind that in this case you also have to renew all of them one by one. A wildcard certificate saves a lot of time by allowing rapid execution of tasks in various situations.
Wildcard Certificates Cons
Security. If you use a single certificate and its private key on many different sites and servers, compromising one server is enough to compromise all the others as well.
Many certificate issuers allow you to create as many new wildcard certificates (using the same domain name) as your servers require, each with its own unique private key. This makes a wildcard certificate as secure as a single SSL certificate for a particular domain name. At the same time, managing these wildcard certificates becomes more difficult.
Compatibility with mobile devices. Some mobile operating systems do not recognize the wildcard character and therefore do not accept wildcard certificates. Some providers offer special certificates for mobile devices. Today, this problem has receded into the past, because you can always use Subject Alternative Name (SAN) certificates.
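The coverage rules behind the subdomain and SAN points above, as an added example that is not part of the original article: under RFC 6125-style matching (assumed here), `*.domain.com` stands for exactly one label, so the bare domain and deeper names need their own SAN entries. The function names and sample hosts are constructed for illustration.

```python
# Added example (not from the original article).
# Assumed rules: RFC 6125-style matching, where '*' must be the whole
# leftmost label and stands for exactly one DNS label.

def _labels(name):
    # DNS names are case-insensitive; drop a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """Return True if a single SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" in hostname or "" in p or "" in h or len(p) != len(h):
        return False
    wildcard = p[0] == "*"
    fixed = p[1:] if wildcard else p
    if any("*" in label for label in fixed):
        return False  # partial or non-leftmost wildcards are rejected
    if wildcard and len(p) < 3:
        return False  # never honour '*.com'-style entries
    return fixed == (h[1:] if wildcard else h)

def cert_covers(san_list, hostname):
    """Return True if any SAN entry of the certificate covers hostname."""
    return any(san_matches(entry, hostname) for entry in san_list)

def coverage_report(san_list, hostnames):
    return {host: cert_covers(san_list, host) for host in hostnames}

# Constructed sample data based on the article's example names.
WILDCARD_ONLY = ["*.domain.com"]
WILDCARD_PLUS_SAN = ["*.domain.com", "domain.com", "*.income.domain.com"]
HOSTS = [
    "odd.domain.com",         # one label under the domain
    "income.domain.com",
    "domain.com",             # the bare domain itself
    "api.income.domain.com",  # two labels deep
    "odd.notdomain.com",      # different parent domain
]

if __name__ == "__main__":
    for title, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + SAN", WILDCARD_PLUS_SAN)):
        print(title, sans)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

Running the coverage report against a real hostname inventory before ordering shows which names a single wildcard entry leaves uncovered.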