Entrust Wildcard SSL Certificates

The Most Powerful Wildcard Certificate on the Market

Wildcard SSL certificates secure a domain and all of its sub domains on an unlimited number of servers. Entrust’s Wildcard SSL is the only Wildcard certificate to also support up to 250 Subject Alternative Names (SANs) allowing you to add non-related domain names and even non-related wildcard domains in one certificate.

Entrust Wildcard SSL Certificates offer a great combination of flexibility and value, allowing system administrators to future-proof the addition of more sub-domains while streamlining management. Plus all Entrust Wildcard SSL certificates come with a website security bundle to find malware on your website and protect it from being blacklisted.

How does a Wildcard SSL Certificate Work?

The difference between a Wildcard SSL Certificate and other certificates like a Standard SSL Certificate is that a Standard Certificate, which is issued to a single Fully Qualified Domain Name (e.g., www.yourdomain.com), can only be used to secure the exact domain to which it has been issued.

A Wildcard SSL Certificate is issued to a “Common Name” of *.example.com and a Subject Alternative Name (SAN) of *.example.com. The wildcard allows the certificate to be used on an unlimited number of subdomains across an unlimited number of servers. Entrust Wildcard SSL Certificates can also secure Multiple Wildcard SANs.

The SAN ensures that the SSL works with or without a subdomain:

  • *.example.com
  • *.example.net
  • *.sample.com
  • *.examplesample.com


Specification

Used when you needSSL/TLS Security for multiple first level sub domains where domain name are changing frequently
Visual Indicators
ValidationOV (Organization Validation)
Key UsageServer to Server Auth
Client to Server Auth
Secures both www.domain.com & domain.com
replace www with *
Base Number of Names (domains included)1
Additional Names (optional $)Up to 250!
Sub-domains (free) or
FQDN’s or
*.FQDN’s
Examples
(when GREEN, you can purchase up to 250 SANs)
CN=*.domn.com
SAN1=*.domn.com
SAN2=domn.com
SAN3=*.app.test.com
SAN4=*.entrust.com
SAN5=www.test.com
Malware ScanBasic Website Security bundle
Site seal with real time status check
Management console with free reissues and unlimited server licensing
RSA + ECC 2048 bit / 3072 bit / 4096 bit
Elliptic curve cryptography (ECC)
Desktop and mobile device compatibility99.9%+
Volume discounts
and 30 day refund
SHA-2 signing
Intel AMT/Vpro

Safe Use of Wildcard Certificates

Wildcard Certificates offer great flexibility to system administrators who wish to minimize management through an unconstrained number of sub-domains within one certificate (e.g., *.company.com could represent dev.company.com, marketing.company.com, sales.company.com, etc.).

  • Risks
    Wildcard Certificates also pose substantial risks. Wildcard Certificates can be used with the appearance of legitimacy with either a fictitious or a fraudulent sub-domain name. In addition, a single wildcard certificate and its corresponding private key could be used on multiple servers. In fact, it is the ease of management that makes it a more common, though ill-advised practice.

    Ultimately, a Wildcard Certificate bypasses controls for those subscribers who rely on the certificate approval procedure to control the authorization of new servers and new domains.
  • Attacks
    Wildcard Certificates are subject to the following attack:
    Impersonation Attack: luring a victim to a fraudulent resource in the certified domain through phishing.

 

Safe Use of Multi-Server Digital Certificates

The practice of using a single certificate, such as a Wildcard Certificate, to protect multiple servers has become more common, because of the reduced cost of certificate acquisition, and the ease of management that it entails.

  • Risks
    However, this practice necessitates exporting the key-pair from one machine and importing it into one or more other machines. The procedure necessarily entails a reduction in assurance, because the private key exists in multiple locations. At the same time, the value of that one private key is much greater because it protects more resources.
  • Attacks
    There are two main attacks facilitated by multi-server certificates:
    Eavesdrop: where an insider has the ability to intercept user traffic
    Impersonation: an attacker impersonates a genuine resource in the domain.

    Properly managed wildcard SSL certificates can provide increased flexibility for system administrators, but they come with increased risk. Entrust recommends using proper safeguards when deploying Wildcard Certificates.

 

Front Line Encryption

Your website’s security is our number-one priority. That’s why Entrust OV SSL Certificates feature ECC public key encryption in our root certificates. With support for SHA-2 algorithms, Entrust SSL Certificates protect your data by offering stronger security and increased performance.

 

Additional Benefits & Features

  • Quick Issuance
    Entrust verification begins immediately based upon your certificate request, and your certificate is usually ready within 1-2 days.
  • Easy Purchase
    Certificates can be easily purchased online with a credit card of by calling an Entrust representative.
  • Website Security Bundles
    Website Security Bundles help find malware on your website and protect it from landing on search engine and email blacklists.
  • Multi-Domain Capabilities
    Save time and money by securing up to 250 fully qualified domains with a single SSL certificate.
  • Established Browser Trust
    Prevent your customers from seeing annoying trust dialogs.
  • Unlimited Issuance Policy and Server Licenses
    Enable flexible certificate re-issuance when users lose passwords or re-image machines, and install your certificates on an unlimited number of servers
  • Self-Service Certificate Creation
    Eliminates the wait for manual certificate issuance
  • Convenient Expiry Notifications
    Lessens the risk of inadvertent certificate expiration
  • SHA-1 or SHA-2 Signing Capabilities
    Options to sign your certificate with SHA-1 or SHA-2.
  • SSL Certificate Expertise
    Entrust customer service experts are available to help you through every step of the certificate management lifecycle.

 

entrust_site_seal_sslTrust comes from meeting and beating your customer’s expectations. That’s why you should let your visitors know they are on a secure website with the Entrust Site Seal. Our seal makes it easy to visibly show that you have taken steps to ensure your site transactions are secure. Once you make your Entrust SSL purchase, you gain access to your individualized seal. Once you’ve posted the seal on your website, your visitors will be able to click on it and easily verify your site’s authenticity and certificate status.

 More