Installing a Secure Sockets Layer (SSL) certificate on your website is no longer just an option. It’s an essential part of protecting your site, and ensuring that data is encrypted and served via an HTTPS connection. However, figuring out what type of SSL certificate to use can be tricky, especially considering how many varieties there are.

If you operate multiple subdomains, it probably makes the most sense to use a ‘wildcard’ SSL certificate. This enables you to secure all of your subdomains with a single certificate, rather than having to purchase and install a number of individual ones.

In this post, we’ll discuss what a wildcard SSL certificate is, as well as when and why you might use one. Then we’ll explain how to install this kind of certificate on your site in a few simple steps. Let’s get started!

What Wildcard SSL Certificates Are (and How They Work)

A wildcard SSL provides a way to secure an unlimited number of subdomains with a single certificate. A wildcard SSL certificate works with any subdomain of the base domain name it is provisioned for. For example, if your domain name is “yourwebsite.com”, your wildcard certificate would also protect “subsite.yourwebsite.com” and “subsite2.yourwebsite.com”.

On wildcard SSL certificates, an asterisk (*) is placed before your domain name as a placeholder, which can be interpreted as any string of characters. You can also use this type of certificate to cover both the ‘www’ and non-’www’ variations of a domain.

For example, some domains and subdomains our example wildcard certificate would work with include:

  • www.yourwebsite.com
  • yourwebsite.com
  • news.yourwebsite.com
  • blog.yourwebsite.com
  • shop.yourwebsite.com
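How the asterisk is matched in practice, as an added example (not code from the original post): under the rules TLS clients apply, the wildcard stands for exactly one label, so deeper subdomains are not covered, and the bare domain is covered only when the certificate also lists it by name. The function names and the hosts `dev.blog.yourwebsite.com` and `www.yourwebsiteblog.com` are constructed for illustration, and the certificate is assumed to list both `*.yourwebsite.com` and `yourwebsite.com`.

```sh
#!/bin/sh
# Added example: which hostnames a certificate's names cover.

# name_matches NAME HOST -> exit status 0 when HOST is covered by NAME
name_matches() {
    nm_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    nm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$nm_name" in
        '*.'*)
            nm_suffix=${nm_name#\*}                # e.g. ".yourwebsite.com"
            case "$nm_host" in
                *"$nm_suffix") nm_label=${nm_host%"$nm_suffix"} ;;
                *) return 1 ;;
            esac
            # The asterisk stands for exactly one non-empty label: no dots.
            case "$nm_label" in
                ''|*.*) return 1 ;;
            esac
            return 0 ;;
        *) [ "$nm_name" = "$nm_host" ] ;;          # plain names must match exactly
    esac
}

# cert_covers HOST NAME... -> prints "yes" if any listed name covers HOST, else "no"
cert_covers() {
    cc_host=$1; shift
    for cc_name in "$@"; do
        if name_matches "$cc_name" "$cc_host"; then echo yes; return 0; fi
    done
    echo no
}

# Constructed sample: names assumed to be on the example certificate.
for h in www.yourwebsite.com yourwebsite.com shop.yourwebsite.com \
         dev.blog.yourwebsite.com www.yourwebsiteblog.com; do
    printf '%-26s %s\n' "$h" "$(cert_covers "$h" '*.yourwebsite.com' yourwebsite.com)"
done
```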

As with single-name certificates, wildcard SSL certificates encrypt data via a set of keys. This includes a public key that is stored on the digital certificate and a private key that is kept on your server. However, with a wildcard certificate, you can copy the private key and upload it to as many servers as you wish.

Wildcard SSL vs Multi-Domain SSL

It’s important to note that wildcard SSL is not the same thing as a Multi-Domain or Subject Alternative Name (SAN) SSL certificate. Multi-domain SSL lets you protect multiple domains and subdomains, including those from different hostnames, with a single certificate. For example, you could use multi-domain SSL to secure several separate domains such as:

  • www.yourwebsite.com
  • www.yourwebsiteblog.com
  • www.yourwebsitenews.com

You could also create subdomains for each of these sites, and protect them under a single certificate. However, with multi-domain SSL certificates, you’ll have to define the subdomain name at the time of purchase. If you wanted to add a subdomain later down the road, you would need to reissue the certificate.

When to Use a Wildcard SSL Certificate

When you have a single-name SSL certificate, adding a new subdomain to your site and issuing an SSL certificate for it isn’t necessarily a big deal. However, if you plan on adding a lot of subdomains, this could quickly become a time-consuming and costly process.

Therefore, the primary benefit of using wildcard SSL is that it can save you a lot of time and money. It also offers more flexibility than other options.

For example, unlike when using SAN SSL, you don’t need to define the subdomains when purchasing your wildcard SSL certificate. Plus, any time you add a new subdomain, you won’t have to worry about reissuing the certificate.

Wildcard SSL makes sense to use when you have a single domain with multiple first-level subdomains (or plan on adding them in the future). This kind of certificate helps you protect all of them at once.

Some common scenarios in which a wildcard SSL certificate is most beneficial include:

  • You’re a web developer who often uses subdomains for testing environments.
  • You own a business that uses separate subdomains for different aspects and entities of the organization (blog, shop, etc.).
  • You only need a single base domain, but plan to use multiple subdomains (now or in the future).

Wildcard SSL certificates are supported by nearly every type of web browser and device, including both mobiles and desktop computers. Additionally, wildcard SSL certificates come with an unlimited server license policy and an unlimited re-issuance policy. This means you can secure your site on as many servers as necessary, and reissue the certificate as many times as you want.

Where to Get a Wildcard SSL Certificate

Wildcard SSL is available on both Domain Validated (DV) and Organization Validated (OV) certificates. The former enables you to secure your domain name and any number of subdomains, whereas the latter lets you validate your business as well as your domain name and subdomains.

OV certificates require you to submit business documents and can take a few days to process and verify. Alternatively, DV certificates can be issued within minutes. It’s important to note that wildcard SSL is not available on Extended Validation (EV) certificates.

There are a wide variety of Certificate Authority (CA) providers that offer wildcard certificates. A few popular options include:

  • Comodo offers SSL DV wildcard and SSL OV wildcard certificate options. Prices range from $89 per year to over $1,000 per year, depending on the plan and subscription type.
  • GeoTrust offers a True BusinessID wildcard certificate for $688 per year, as well as a QuickSSL® Premium wildcard certificate for $745 per year.
  • Thawte provides SSL wildcard certificates starting at $149 per year.

Depending on your hosting provider and plan, you might be able to purchase a wildcard certificate through them as well. For example, some hosting companies will work with a preferred SSL partner, and offer wildcard certificates as a premium add-on.

How to Install a Wildcard SSL Certificate on Your WordPress Site (In 4 Steps)

If you decide that wildcard SSL is your best option and you do not want to use Kinsta’s free wildcard SSL, the next step is to purchase and install it on your WordPress site. The process for installing an SSL certificate may vary slightly, depending on your host and server type.

For example, some hosting plans don’t support wildcard SSL certificates, or only offer them as a premium option. At Kinsta, we support all types of SSL, including wildcard certificates.

Similarly, the steps involved in the installation process may look different depending on the control panel and interface of your web host. For example, at Kinsta, we use our custom MyKinsta dashboard rather than the basic cPanel.

Regardless, the steps involved are largely the same. Let’s take a look at how to install a wildcard SSL certificate on your WordPress site in four easy steps!

Step 1: Purchase Your Wildcard SSL Certificate

The first step is to purchase your SSL certificate. As we mentioned earlier, there are a variety of SSL providers to choose from that offer wildcard certificates. The best solution will depend largely on your specific needs and budget.

When you purchase an SSL certificate, you’ll be asked to indicate the type of server your site is hosted on. As a Kinsta customer, you’ll want to select “Nginx” if that is available as an option. However, “Apache” or “Other” will also work.

Step 2: Generate a Certificate Signing Request (CSR) Code and Private Key

The next step is to generate a CSR code, which is required by the SSL provider in order to create and sign the certificate file. To generate a CSR code and private key, you can complete the Online CSR and Key Generator form on SSL.com:

The Online CSR and Key Generator form.

We recommend filling out the following fields:

  • Common Name (Domain Name)
  • Email Address
  • Organization
  • City / Locality
  • State / County / Region
  • Country

Since you are generating a wildcard SSL certificate, for the “Common name” field, make sure to add an asterisk before your domain name (“*.yourdomain.com”):

The ‘Common Name’ field of the CSR key generator form.

When you’re done, click on the Generate button at the bottom of the screen. A private key file and CSR will be automatically generated:

A CSR and private key generated from SSL.com.

You can select Download Private Key and Copy CSR to save this information. Not only will you need them in the next step, but your SSL certificate is unusable without them.

Then, return to your SSL provider and upload your CSR. This will regenerate your SSL certificate (.cert) file.

Step 3: Upload Your Private Key and Certificate Files to Your Server

The next step is to upload your certificate and private key files to your server. If you’re a Kinsta user, log in to MyKinsta and navigate to Sites > Your Site > Domains. Click on the dropdown menu next to the domain you want to add a custom SSL certificate for, and click Add Custom SSL Certificate.

Add a custom SSL certificate.

Next you’ll see a confirmation modal showing the domains that the custom SSL will cover. Click the Next button to proceed to the next step.

Custom SSL domains.

You will then be able to add your private key (.key) and certificate (.cert). Some customers will also need to add their intermediate certificate. Most SSL providers will email you a .crt file and a .ca-bundle file. Paste the contents of your .crt file in the “.cert file contents” section first and then the contents of the .ca-bundle file below it.

Paste your .key and .cert files into MyKinsta.

Note that if you want to add your intermediate certificate as well, you can do so. Depending on which SSL provider you used, they may have emailed you a .crt file and a .ca-bundle file. If you don’t have an intermediate certificate or don’t know what it is, you can use a tool such as What’s My Chain Cert to generate it.

You can use a text editor like Notepad to open these files. Then you can copy and paste the contents of your .crt file in the Certificate section first, followed by the contents of the .ca-bundle file below it. Once you’re done, click on the Add Certificate button.

As we mentioned, the process for uploading your private key and certificate files will vary depending on your host. If you’re not a Kinsta user and your host uses cPanel/WHM, you can add this information under SSL/TLS.

Step 4: Confirm That the Wildcard SSL Certificate Installation Was Successful

If you carefully executed the aforementioned steps, you should now have a wildcard SSL certificate successfully installed on your WordPress site. However, to confirm that everything went as it should, you might want to use the SSL Checker tool by About SSL:

The AboutSSL.com SSL checker tool.

On this page, simply enter the URL of your WordPress site, and then click on the Check button. Information about your SSL certificate will automatically display on the screen. This will help you confirm whether yours was properly installed.

If all looks well, that’s it! You’ve now installed a wildcard SSL certificate. After installing the SSL certificate, we recommend running a search and replace on your site’s database to swap out HTTP URLs for HTTPS ones.
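Steps 2 and 3 can also be carried out and checked on your own machine with the `openssl` command-line tool, so the private key never passes through a web form. This is an added example, not part of the original post: the function names, file names and subject values are constructed, and a throwaway self-signed certificate stands in for the file your SSL provider sends back.

```sh
#!/bin/sh
# Added example: create the key and wildcard CSR locally, then confirm that a
# certificate belongs to that key before pasting both into the host panel.

# make_wildcard_csr DOMAIN DIR -> writes DIR/wildcard.key and DIR/wildcard.csr
make_wildcard_csr() (
    umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$2/wildcard.key" -out "$2/wildcard.csr" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Org/CN=*.$1" \
        2>/dev/null
)

# csr_common_name CSR -> prints the Common Name the CA will see
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# pubkey_sha256 KIND FILE -> SHA-256 of the public key in a key, csr or cert
pubkey_sha256() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1   # unreadable input must never count as a match
    printf '%s\n' "$pem" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# cert_matches_key CERT KEY -> prints "match" or "MISMATCH"
cert_matches_key() {
    c=$(pubkey_sha256 cert "$1") && k=$(pubkey_sha256 key "$2") &&
        [ "$c" = "$k" ] && { echo match; return 0; }
    echo MISMATCH
}

# Constructed demo: a self-signed certificate stands in for the CA's reply.
demo() {
    d=$(mktemp -d) && make_wildcard_csr yourdomain.com "$d" || return 1
    openssl x509 -req -in "$d/wildcard.csr" -signkey "$d/wildcard.key" \
        -days 1 -out "$d/standin.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    echo "CSR common name:   $(csr_common_name "$d/wildcard.csr")"
    echo "cert vs own key:   $(cert_matches_key "$d/standin.crt" "$d/wildcard.key")"
    echo "cert vs other key: $(cert_matches_key "$d/standin.crt" "$d/other.key")"
    rm -rf "$d"
}
demo
```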

Summary

Installing an SSL certificate is one of the most important steps in optimizing and securing your website. However, deciding what type of SSL certificate to use can be confusing.

As we discussed in this post, using a wildcard SSL certificate can help you save both time and money, by protecting an unlimited number of subdomains on a single certificate. You can install one on your site in four simple steps:

  1. If you prefer to use a custom wildcard SSL instead of Kinsta’s free option, purchase a custom certificate from a CA such as Comodo or GeoTrust.
  2. Generate a CSR and private RSA key from SSL.com.
  3. Add your wildcard certificate files to your server.
  4. Confirm that the wildcard SSL certificate installation was successful, using the SSL Checker tool.