Do you want to add SSL to your subdomains?
Subdomains are not automatically protected if the main domain has a valid SSL certificate installed. You’ll have to install a new one for every subdomain you create. Or better yet, you could use a single SSL certificate that allows you to secure all domains and subdomains together.
In this guide, we’ll show you how to easily get SSL for your subdomain. But first, let’s take a quick look at whether you need to install one on a subdomain.
Do I Need SSL for a Subdomain?
Yes, you need SSL for every domain and subdomain you use.
An SSL certificate verifies your identity and creates a secure channel between the user and your website. This way, all communication is encrypted and hackers won’t be able to steal or misuse any of your website’s data.
Now we know it’s natural to think that if you’ve protected the whole apartment building with a security system and a guard outside, then every apartment inside is also protected.
But subdomains don’t necessarily function in the same way. Every domain uses its own communication line so you have to add protection to each one.
Learn more about What’s an SSL Certificate (and Why Do You Need One)?
The good news is it’s easy to install certificates on all subdomains as most web hosts have made it as simple as clicking a few buttons.
Can I Use my Free Host SSL Certificate on Subdomains?
Web hosts usually issue single domain SSL certificates, also known as standard SSL certificates. This will only protect one domain. You can choose to install it on your main domain or subdomain, but it can be used only on one.
So if you’ve been lucky to get a free SSL certificate with your hosting plan, most likely, this can be used only on one domain, unless your web host specifies otherwise.
For instance, Bluehost web hosting plans come with an SSL certificate pre-installed. So once you buy the plan, you don’t have to do anything on your end to get SSL protection. Bluehost handles that for you. But – the SSL certificate will be valid only for one domain.
At the most, some standard SSL certificates will secure both the WWW and non-WWW versions of your site. For instance, all of the single-domain SSL certificates available on comodosslstore.com secure both versions. You won’t have to worry about getting 2 certificates for that.
That said, we’ll show you how to use 2 methods to install SSL on subdomains.
1. Wildcard SSL Certificate
A wildcard SSL certificate is a single certificate that lets you enable SSL on multiple subdomains. It saves time, money, and the hassle of getting multiple SSL certificates for your subdomains.
Wildcard SSL certificates make it easier to manage SSL protection for your subdomains.
How it works is by using a wildcard character (*) in the domain name field. This allows you to secure multiple subdomain names that are from the same base domain.
So for example, if the wildcard certificate is to be used for *.example.com, you can enable the same certificate on:
2. Multi-Domain SSL Certificate
A multi-domain SSL certificate lets you extend SSL protection to multiple domains and subdomains. It’s perfect for businesses that own multiple online properties.
Here, you need to treat your subdomains as separate SAN (Subject Alternative Name). For example, to secure xyz.com, www.xyz.com, admin.xyz.com, and support.xyz.com, list xyz.com as your main domain and list the other subdomains as separate SAN.
With this option, you can secure multiple primary domains and unlimited first-level subdomains on those primary domains.
For example, you can have one domain with multiple subdomains:
Then add a second domain with multiple subdomains:
When you are buying a multi-domain wildcard SSL certificate, you need to check how many SAN (subject alternative names) are included in it.
These SANs are the number of primary domains (and unlimited associated subdomains) covered under that particular SSL certificate.
Most of the multi-domain wildcard certificates include 2 to 4 SANs by default and can cover up to 250 domains under the same SSL certificate, with an extra charge for each additional SAN.
Pros of Wildcard and MultiDomain SSL
Wildcard and multi-domain SSLs make it easier to protect your whole website with SSL. You have just 1 certificate to manage and you can secure everything including all your subdomains.
You don’t have to buy separate SSL certificates for all your subdomains. And what’s even better is that you won’t have to go through the verification process, CSR generation, installation and renewal for each of them separately.
Not to mention, it’s cheaper to use a Wildcard SSL compared to getting separate certificates for every subdomain you create.
Cons of Wildcard Domain SSL
The drawback with Wildcard SSL certificates is that you can’t get an extended validation (EV) option.
According to the Certification Authority Browser Forum (CA/B) guidelines, no publicly trusted certificate authority can issue an EV wildcard certificate due to security reasons.
There are ways to work around this. You can either get an EV multi-domain SSL certificate or separate single domain EV certificates for each subdomain. If you are looking for business validation, you can opt for organization validated (OV) wildcard SSL certificates.
Added to that, Wildcard and Multidomain SSL mean one certificate affects all. So while updating, removing, or renewing SSL/TLS for existing and new websites, if anything goes wrong, it will affect all sites. If the certificate expires, it will affect all sites using the multi-domain SSL which results in downtime on not just one but all its subdomains.
Where to get Wildcard and Multi Domain SSL Certificates
You can buy Wildcard SSL certificates from most popular web hosts and SSL providers. Here’s our top pick:
See more options here: 8 Best Websites to Buy SSL Certificates
Premium SSLs are a better option for those who want extended validation options and underwritten warranty of between $10,000 and $1,500,000. Big organizations and eCommerce sites should consider using premium SSL.
If you’re looking for a free option, then Let’s Encrypt Wildcard SSL is the best. It works well for smaller websites like personal blogs, informational sites. Web hosts like SiteGround have tied up with Let’s Encrypt to offer free Wildcard SSL right inside your hosting dashboard.
The free Wildcard SSL is valid only for 90 days, but SiteGround will renew it automatically for you.
You can also opt for a Premium Wildcard SSL with SiteGround. This SSL is valid for one year and is issued by a trusted SSL vendor (GlobalSign). It protects all subdomains of your domain and includes a dynamic site seal. If you have a large business site, then this is the recommended option.
How to Install Wildcard SSL Certificate?
First, you need to purchase a Wildcard SSL certificate from your hosting or SSL provider. They’ll give you downloadable files that you need to upload to your domain.
Most web hosts offer a simple SSL wizard that you can use to install the SSL certificate. Installing a Wildcard certificate is pretty much the same as installing a standard one.
Follow our guide: How to Install SSL Certificate on Your Domain.
This guide covers the step-by-step process of installing any SSL certificate using both the manual method and a plugin called Really Simple SSL.
There are 2 things you need to do that are specific to wildcard SSLs:
1. When you generate CSR with your SSL provider, make sure you enter your domain as *.mydomain.com. (Follow the format and replace ‘mydomain’ with the actual name of your domain.)
2. If you’re using the same certificate on multiple servers, you need to upload your private key on each one.
When you generate the CSR, your private key is also created and saved on that server. You’ll need to copy your private key to every new server when you install the certificate.
To find the private key, head over to cPanel of your hosting account. Open the SSL/TLS » Manage SSL Sites option.
Here, click on Browse Certificates and you’ll see all the installed certificates here.
Select your SSL certificate and hit the ‘Use Certificate’ button. This will autofill the given fields with the information from the certificate. You can simply copy your private key from here
Then, when you’re installing the SSL on the new server, you’ll have to paste the private key in the same field there.
That’s it! This will get your SSL working on multiple subdomains.
FAQs: SSL on Subdomains
Is Wildcard SSL the right option for me?
An SSL/TLS Wildcard certificate is a good option for you if you’re looking to secure a number of subdomains, such as:
Do I need a dedicated IP for each subdomain?
No. The certificate is associated with the domain address, not IP address.
Will SSL Wildcard work on multiple domain extensions like .com and .net?
No. Domain names with different extensions (TLD) are considered separate domain names. So, for a domain name with different TLDs, you need to buy a multi-domain SSL certificate or multiple SSL certificates.
How do I know if the Wildcard SSL will work with my host?
SSL/TLS Wildcard certificates work with most web hosts and servers. If you’re not sure, you can reach out to the customer support team of your web host.
What is SAN certificate vs Wildcard certificate?
A Subject Alternative Name (SAN) certificate is capable of supporting multiple domains and multiple host names with domains. SAN certificates are more flexible than Wildcard certificates since they are not limited to a single domain.
Combining the functionality of both allows you secure a much broader set of domains along with the capability to use them on any number of sub-domains.
Note: Only non-Wildcard names can be added as SAN.
Is it possible to secure my domain and subdomain with a single SSL certificate?
Yes, you can use a Wildcard SSL or multi-domain SSL certificate to secure your main domain and subdomains with a single SSL certificate.
Should I use Wildcard SSL to secure www and non-www versions of my domain?
Most standard SSL certificates automatically secure both the www and non-www version of your site. If you find that it’s not secure, you should connect with your hosting support to find the best option. You might just need to enable the same certificate on both domains.
Are there any hidden costs in the wildcard certificate?
Wildcard SSL certificates usually do not come with any hidden costs. This can depend on the provider you purchase it from. Be sure to read the terms and conditions and renewal costs before you purchase.
That’s all for now. We hope you found this guide on enabling SSL on subdomains helpful. You might also want to see our guide: Should You Trademark Your Domain Name? (Beginner’s Guide).
This will help you secure your domain names so that no one else can misuse your brand and business name.