Wildcard Certificates: The Pros and Cons

Securing Wildcard Certificates on Laptops

Certificate management is a critical part of an organisation’s cyber security that cannot be ignored. Certificates are vital for protecting data transmitted between websites and users. If not properly managed, data could be at significant risk. One certificate option that organisations often consider is wildcard certificates, which provide some benefits but also carry security risks.

What Are Wildcard Certificates?

A wildcard certificate allows a single certificate to secure multiple subdomains of a domain. For example, a certificate for *.example.com would secure app.example.com, shop.example.com, support.example.com, etc. This can be more convenient than acquiring individual certificates for each subdomain.

The Pros

  • Cost Savings – Wildcard certs are generally less expensive than purchasing multiple single-domain certs.

  • Simplified Management – Only one certificate needs to be tracked, updated and renewed rather than dozens or hundreds.

  • Flexibility – New subdomains are automatically covered without needing new certs issued.

The Cons

  • Increased Risk – If the private key is compromised, every subdomain covered by the certificate is exposed at once. A single key therefore presents a much larger attack surface.

  • Limited Transparency – You cannot easily determine which subdomains are actively using the cert.

  • Compatibility Issues – Some applications and services do not properly support wildcard certificates.
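The Increased Risk and Limited Transparency points above can be made concrete with a small audit. The following Python script is an added example, not code from the FullProxy post: it takes a certificate's subjectAltName entries and a host inventory (both constructed here), applies the usual client matching rules for wildcards, and reports which hosts share the one wildcard key and which are not covered at all.

```python
# Added example (not from the FullProxy post): estimate the blast radius of a
# wildcard certificate by matching its subjectAltName dNSName entries against a
# host inventory. Matching follows the usual client rules (RFC 6125 / RFC 9525):
# '*' must be the entire leftmost label and matches exactly one label, so
# *.example.com covers app.example.com but not example.com or a.b.example.com.
from collections import defaultdict

def san_matches(san: str, hostname: str) -> bool:
    """Return True if the certificate name `san` covers `hostname`."""
    san, host = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host                      # plain dNSName: exact match only
    base = san[2:]                              # "*.example.com" -> "example.com"
    if "*" in base or base.count(".") < 1:      # only one leftmost wildcard label;
        return False                            # reject "*.*.example.com" and "*.com"
    if not host.endswith("." + base):
        return False
    leftmost = host[: -len(base) - 1]           # label(s) the '*' would stand for
    return bool(leftmost) and "." not in leftmost  # exactly one non-empty label

def blast_radius(sans, inventory):
    """Map each SAN to the hosts it covers, and list hosts covered by nothing."""
    covered = defaultdict(list)
    uncovered = []
    for host in inventory:
        hits = [s for s in sans if san_matches(s, host)]
        for s in hits:
            covered[s].append(host)
        if not hits:
            uncovered.append(host)
    return dict(covered), uncovered

def wildcard_exposure(sans, inventory):
    """Hosts that would be exposed together if the one wildcard key leaked."""
    covered, _ = blast_radius(sans, inventory)
    return sorted({h for s, hosts in covered.items() if s.startswith("*.") for h in hosts})

if __name__ == "__main__":
    # Constructed sample data, not a real certificate or inventory.
    SANS = ["*.example.com", "example.com"]
    HOSTS = ["app.example.com", "shop.example.com", "support.example.com",
             "example.com", "a.b.example.com", "example.org"]
    covered, uncovered = blast_radius(SANS, HOSTS)
    for san, hosts in covered.items():
        print(f"{san:16} covers {len(hosts)} host(s): {', '.join(hosts)}")
    print("not covered (need their own certificate):", ", ".join(uncovered))
    print("exposed together if the wildcard key leaks:", wildcard_exposure(SANS, HOSTS))
```

Feed it the dNSName entries from a real certificate and your asset inventory to see how many hosts one key compromise would affect; hosts in the uncovered list are the ones that quietly fail to match the wildcard (multi-level names, the bare domain, other domains).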


While the cost and management benefits were previously major advantages, the proliferation of free and automated certificate platforms has diminished them substantially. Many organisations no longer find wildcard certificates worth the security trade-offs.
The decision to use wildcards requires careful consideration of your security risks, compatibility requirements, and management needs. For most organisations, the increased risk and maintenance overhead may outweigh the remaining convenience benefits of wildcard SSL/TLS certificates.


FullProxy Recommends

At FullProxy we strongly advise against using wildcard certificates, as they can come with significant security risks. They offer a false sense of security: a valid wildcard certificate does not guarantee that users are genuinely accessing the intended systems. Users could unknowingly connect to outdated or inactive links or servers that no longer serve any purpose, because a wildcard conceals the server and DNS errors that a missing or mismatched single-name certificate would expose.

Wildcard certificates could also fall into the hands of attackers, who could exploit them across every covered subdomain. For advice on certificate management, and to find out more about our partnership with AppViewX, book a call with us here.

Ewan Ferguson
Chief Executive Officer