How to Generate a CSR for a Wildcard SSL Certificate

Dec 9, 2018 Scott Rogers How-To

Wildcard SSL certificates will allow you to secure an unlimited number of subdomains for a registered base domain. Let's say you own the base-domain example.com. A wildcard certificate for *.example.com can secure any-subdomain.example.com. The asterisk (*), or star, is the wildcard and can be any valid subdomain.

About the Common Name (CN)

Every SSL certificate has a Common Name or CN for short. When generating a Certificate Signing Request (CSR), the CN can cause some head-scratching and Googling. The meaning of Common Name isn't plainly obvious and it can trip up even the most experienced techies, especially when it comes to the CN for a wildcard certificate

The CN is simply the fully qualified domain name (FQDN) that you want to secure with an SSL certificate. If you want to secure just a single non-wildcard FQDN like https://shopping.example.com, the CN would be shopping.example.com

Strictly-speaking, the naked, or base-domain, like example.com, is not a true FQDN because it does not include a hostname, but nowadays leaving the www hostname out is widely accepted. 

certificate-viewer-wildcard-cn.png
Firefox Certificate Viewer

The Common Name (CN) for a Wildcard SSL Certificate

The Common Name for wildcard certificates always starts with an asterisk (* star). 

Example: a Common Name of *.hawaii.com

Will secure...

hawaii.com
www.hawaii.com
maui.hawaii.com
oahu.hawaii.com
blog.hawaii.com
www.hawaii.com
big-island.hawaii.com

Will not secure...

maui.hawaii.net (different TLD)
big.island.hawaii.com (too many subdomains)
aloha.visit-hawaii.com (different domain)


Example: a Common Name of *.shop.mystore.com

Will secure...

shop.mystore.com
www.shop.mystore.com
login.shop.mystore.com
support.shop.mystore.com
24-7.shop.mystore.com

Will not secure...

mystore.com (must start with 'shop')
shop.mystore.info (different TLD)
shop.my-store.com (different domain)


Wildcard SSL certificates are great for reducing not only certificate costs but also certificate management costs. Rather than having to purchase, manage, and renew many certs with the same base-domain you only have to deal with one wildcard certificate. 

Additional Resources

Please contact our support team if you have any additional problems or questions.