The Best SSL Certificates for Subdomains – Detail Research Guide
If you are reading this article, we can assume that you already have a basic understanding of subdomains. However, if the technical details related to subdomains are not thoroughly clear when you buy an SSL certificate, even a small mistake becomes irreversible and can waste your money. So, let’s cover all the fundamentals regarding the subdomains first. (If you know all this already, scroll down to skip it!)
What are subdomains?
A subdomain is a subdivision of the parent domain under the Domain Name System (DNS) hierarchy. It is also known as a child domain. A few examples will make it clear:
In the Web address images.mydomain.com, the suffix “.com” is the first-level domain or TLD (top level domain), “mydomain.com” is the second-level domain (root domain) and “images.mydomain.com” is the third-level domain, i.e. a subdomain.
Subdomains come in multiple levels, too. In the above example, the third level domain images.mydomain.com is the first level subdomain of the root domain mydomain.com.
- xyz.com=main domain/primary domain/root domain
- *.xyz.com=first level subdomain, where * can be any word, letter or digit
- For example, blog.xyz.com, login.xyz.com, mail.xyz.com, etc.
Why are subdomains popular?
Subdomains are very useful in organizing websites. Different subdomains may be for different categories, types of content, or even different software, i.e., images.mywebsite.com, products.mywebsite.com, and offers.mywebsite.com. Often, subdomains are used to host different, but related websites: for example, companies may put niche websites for specific campaigns or user groups on subdomains.
Why should I secure all my subdomains with an SSL certificate (HTTPS)?
When you buy a single domain SSL certificate for your primary domain, it will not secure the accompanying subdomains. For example, a single domain SSL for newsite.com will secure newsite.com/products but not products.newsite.com.
However, securing a subdomain with an SSL certificate is as important as securing your primary domain. Since 2014, Google has announced that it favors encrypted webpages. For all HTTP websites, Google Chrome is showing a “NOT SECURE” mark before the website name in the address bar. If you secure only your main domain with HTTPS but not subdomains, Google Chrome will show “NOT SECURE” warning for all those subdomain webpages. Users might not trust those webpages and decide not to deal with your website, which would ultimately affect your online business.
Plus, if you have subdomains for shopping cart, product pages, subscription pages, contact forms, etc., where users need to log in with their id & password and/or input their bank details or credit card/debit card details, such subdomains must be encrypted and secured by an SSL certificate.
Protecting your whole website with an SSL certificate, including all your subdomains, is not a luxury. It’s a necessity in order to secure your online business and gain the trust of your customers.
Is It Possible to Secure my Domain and Subdomain with a single SSL certificate?
Yes, now you don’t have to buy separate SSL certificates for all your subdomains and go through the verification process, CSR generation, installation and renewal for each of them separately. Thanks to the wildcard SSL certificate.
You can secure your main domain and unlimited subdomains on the first level with a single Wildcard SSL Certificate.
According to your organization’s need, there are two different types of Wildcard SSL. Both the types are available in DV and OV validation levels.
Wildcard SSL certificate
With a wildcard SSL, you can secure one primary domain and unlimited first level subdomains for that particular domain.
For example: mydomain.com (primary domain) and www.mydomain.com, blog.mydomain.com, admin.mydomain.com, etc. – unlimited.
Multi-domain Wildcard SSL certificate
With this option, you can secure multiple primary domains and unlimited first-level subdomains on those primary domains. When you are buying a multi-domain wildcard SSL certificate, you need to check how many SAN (subject alternative names) are included in it. These SAN are the number of primary domains (and unlimited associated subdomains) covered under that particular SSL certificate. Most of the multi-domain wildcard certificates include 2 to 4 SANs by default, and can cover up to 250 domains under the same SSL certificate, with an extra charge for each additional SAN.
newsite.com (primary domain) and www.newsite.com, blog. newsite.com, admin. newsite.com- unlimited
Newdomain.ca (primary domain) and www.newdomain.ca, blog.Newdomain.ca, admin. Newdomain.ca-unlimited
Blog.domain.co.uk (primary domain) and pics.blog.dmain.co.uk, login.blog.domain.co.uk-unlimited
Compare Wildcard SSL Certificates For Subdomains
Here are our most popular wildcard products:
1) How can I secure my second level subdomains?
To secure your second level of subdomains, you need to either buy a wildcard SSL for your subdomain or buy a multi-domain wildcard.
For example, if you want to secure admin.blog.xyz.com, you need a wildcard SSL where blog.xyz.com will become your primary domain, and admin.blog.xyz.com will be its first level subdomain. You can also get the same effect with a multi-domain wildcard where you need to list blog.xyz.com as a separate SAN.
While generating your CSR, put an *. (asterisk) before the domain or subdomain whose subdomains you need to cover under the wildcard certificate.
2) Can I secure .com and .net version of my website with a wildcard certificate?
Domain names with different extension (TLD) are considered a different domain name. So, for a domain name with different TLD, you need to buy a multi-domain SSL certificate or multiple wildcard SSL certificate.
3) I just want to secure www and non-www version of my domain. Do I need to get a Wildcard certificate for this?
No, the wildcard is for your subdomains. Any single domain SSL certificate will secure both www and non-www version of your domain name. For example, you do not need a wildcard certificate to secure domain.com and www.domain.com
4) Can I get an extended validated wildcard SSL certificate?
No. For a wildcard or multi-domain wildcard SSL certificate, only DV and OV validation types are available.
5) Which is the cheapest wildcard SSL certificate available the market?
The cheapest wildcard SSL certificate in the market is Positive SSL wildcard from Sectigo (previously Comodo), which costs $249/year. If you buy a Positive SSL wildcard from cheapSSLsecurity, you can get it for $68/year after a generous 73% discount!
6) Are Wildcard certificates multi-server too?
All wildcard SSL and multi-domain wildcard SSL certificates are multi-server certificates. However, please note that for Symantec wildcard and Symantec multi-domain wildcards, you need to pay extra for each additional server.
7) Is it possible to secure a subdomain by using a multi-domain SSL?
Yes, if you have only 2-3 subdomains, you can get a multi-domain SSL certificate. Here, you need to treat your subdomains as separate SAN. For example, to secure xyz.com, www.xyz.com, blog.xyz.com, and admin.blog.xyz.com, list xyz.com as your main domain and list the other subdomains as separate SAN.
8) How can I install a wildcard certificate on my website?
Please follow these links for a step-by-step explanation.
How to Generate CSR for a wildcard certificate?
How to install a wildcard certificate?