How to Generate a CSR for a Wildcard SSL Certificate

Dec 9, 2018 Scott Rogers How-To

Wildcard SSL certificates will allow you to secure an unlimited number of subdomains for a registered base domain. Let's say you own the base-domain A wildcard certificate for * can secure The asterisk (*), or star, is the wildcard and can be any valid subdomain.

About the Common Name (CN)

Every SSL certificate has a Common Name or CN for short. When generating a Certificate Signing Request (CSR), the CN can cause some head-scratching and Googling. The meaning of Common Name isn't plainly obvious and it can trip up even the most experienced techies, especially when it comes to the CN for a wildcard certificate

The CN is simply the fully qualified domain name (FQDN) that you want to secure with an SSL certificate. If you want to secure just a single non-wildcard FQDN like, the CN would be

Strictly-speaking, the naked, or base-domain, like, is not a true FQDN because it does not include a hostname, but nowadays leaving the www hostname out is widely accepted. 

Firefox Certificate Viewer

The Common Name (CN) for a Wildcard SSL Certificate

The Common Name for wildcard certificates always starts with an asterisk (* star). 

Example: a Common Name of *

Will secure...

Will not secure... (different TLD) (too many subdomains) (different domain)

Example: a Common Name of *

Will secure...

Will not secure... (must start with 'shop') (different TLD) (different domain)

Wildcard SSL certificates are great for reducing not only certificate costs but also certificate management costs. Rather than having to purchase, manage, and renew many certs with the same base-domain you only have to deal with one wildcard certificate. 

Additional Resources

Please contact our support team if you have any additional problems or questions.