Wildcard certificates follow specific rules for matching domain names. A wildcard certificate is designed to secure multiple subdomains under a single domain name using a single certificate. The asterisk (*) is used as a wildcard character to represent any subdomain.
Single Level Wildcard: A wildcard certificate can secure all subdomains at a single level. For example, a certificate for *.example.com can secure mail.example.com, blog.example.com, and shop.example.com.
No Wildcards in the Domain Name: The wildcard character can only be used in the leftmost label of the domain name. For instance, *.example.com is valid, but sub.*.example.com or example.*.com are not valid.
Exact Match for the Domain: The domain name without any subdomains must also be covered by the wildcard certificate. So, a certificate for *.example.com also secures example.com.
No Multiple Wildcards: Only one wildcard is allowed in the entire domain name. For example, *.*.example.com is not valid.
Subdomains of Subdomains: A wildcard certificate for *.example.com does not secure sub.mail.example.com or any deeper subdomains.
If you have a wildcard certificate for *.example.com, it will secure:
example.com
mail.example.com
blog.example.com
shop.example.com
But it will not secure:
sub.mail.example.com
example.co.uk
mail.example.org
For managing wildcard certificates efficiently, especially in a cloud environment, consider using services like Tencent Cloud's SSL Certificate Service. This service offers a streamlined process for purchasing, managing, and deploying SSL/TLS certificates, including wildcard certificates, to secure your websites and applications hosted on Tencent Cloud.
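The matching rules above, applied to the example.com host lists, as an added Python example (not code from the original page or from any TLS library). It assumes the certificate's name list contains both *.example.com and example.com, which is how the bare domain ends up covered; the function names and the SANS list are constructed for illustration.

```python
# Added example: check hostnames against a certificate's name entries.
# Assumption: the certificate lists "*.example.com" AND "example.com".

def _labels(name: str) -> list:
    return name.lower().rstrip(".").split(".")


def valid_pattern(pattern: str) -> bool:
    """One wildcard at most, and only as the entire leftmost label."""
    labels = _labels(pattern)
    if not all(labels):
        return False                      # empty label, e.g. "*..com"
    if any("*" in label for label in labels[1:]):
        return False                      # sub.*.example.com, *.*.example.com
    if "*" in labels[0]:
        # Partial labels such as "f*.example.com" are rejected here
        # (an assumption of this example, not a rule stated on the page).
        return labels[0] == "*" and len(labels) > 1
    return True


def pattern_matches(pattern: str, hostname: str) -> bool:
    """Compare label by label; '*' stands for exactly one leftmost label."""
    if not valid_pattern(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or not all(h):
        return False                      # a different depth never matches
    if p[0] == "*":
        return p[1:] == h[1:]             # parent domain must be identical
    return p == h


def cert_covers(name_entries, hostname: str) -> bool:
    return any(pattern_matches(entry, hostname) for entry in name_entries)


SANS = ["*.example.com", "example.com"]   # constructed sample name list

if __name__ == "__main__":
    hosts = ["example.com", "mail.example.com", "blog.example.com",
             "shop.example.com", "sub.mail.example.com",
             "example.co.uk", "mail.example.org"]
    for host in hosts:
        state = "covered" if cert_covers(SANS, host) else "NOT covered"
        print(f"{host:22} {state}")
```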