WildCard SSL Certificates and Easy Answers

The best way to secure and protect sub-domains can be accomplished through the use of a WildCard SSL Certificate. These certificates offer convenience and affordability by use of a public key certificate which can be used with multiple sub-domains of a domain. Therefore, instead of purchasing and administering several separate SSL Certificates for each sub-domain, a business can utilize a Wildcard SSL Certificate.

While WildCard SSL Certificates provide versatility, only a single level of sub-domain matching is supported. For example, the use of *.company.com WildCard could be: subscribe.company.com, payment.company.com, login.company.com, or contact.company.com. Although, during the installation process there has been recommendations on changing the WildCard domain names to match the actual account domain name (not installing as *.company.com). It is possible to have a WildCard SSL Certificate installed to more than one sub-domain on a single IP address.

However, If you attempt to update a WildCard SSL Certificate, the single IP address method might not be retained when the WildCard is installed to more than one sub-domain on a single IP address. If there is no manual configuration then each sub-domain or domain will need its own dedicated IP address. A CPanel can be used for easier management over dedicated IP addresses when each site needs its own IP for SSL.

Installing the WildCard SSL Certificate at WHM

The WHM menu path which is used to install SSL Certificates is:

WHM: Main>>SSL/TLS>> Install a SSL Certificate and Setup the Domain

1. Copy and paste the WildCard SSL Certificate into the first text area


2. Permit the rest of the text area to be filled automatically


3. Confirm that the SSL Key and CA bundle are accurate


4. Switch the WildCard domain name to match the actual account domain name


5. Double check that the username and IP address match the actual account involved

Issues with the WildCard SSL Certificate

Some mobile devices might not be able to connect because of authentication issues if they do not trust the certificates (because the certificate is not trusted by the customer’s browser). To help prevent this error it is best to use a trusted provider of WildCard SSL Certificates that issues a certificate the user’s browser will rely on. Basic browsers that do not support “Certificate Request” may have problems because the certificate appears invalid due to lack of verification. Intermediate Certificates are used to connect an SSL Certificate to a trusted root certificate. Commercial Certificates have the trusted root certificate built in.

Although many platforms, devices, servers, services work well with the WildCard Certificates, there are some that are incompatible such as:

* Microsoft Office Communications Server

* Microsoft Lync Server

* Oracle Wallet Manager

* Windows Mobile 5 Devices

The WildCard SSL Certificate as a Solution

There are different products which can be used to provide SSL for websites. It is important to consider which domains and sub-domains need to be protected, how they can best be protected, and what cost is affordable for the business. A WildCard SSL Certificate is a versatile tool, although it does have its limitations. IT Professionals and Web Security Experts should consider the effectiveness of the WildCard SSL Certificate in providing the security they need in the areas that they desire.

Money can be saved when using a certificate such as the WildCard by avoiding the individualized costs of other various certificates. So long as the WildCard has been properly installed it is a great resource in providing easier web security administration in a cost-effective manner. As mentioned before, the WildCard SSL Certificate will only apply to those servers which are compatible and only to secure and protect sub-domains. There are other options if protection is needed for various domain names.

Original Source:
https://www.rapidsslonline.com/blog/wildcard-ssl-certificates-and-easy-answers

A list of Frequently Asked Questions about WildCard SSL Certificates answered by RapidSSLonline

A WildCard SSL certificate has many advantages over a conventional SSL certificate, the most important one being it’s ability to secure not only your website URL, but also an unlimited number of its subdomains. Needless to say, a product with such  benefits does attract interest of a large pool of customers.

At RapidSSLOnline, a Certificate Authority of a wide range of brands such as VeriSign (Now Symantec), GeoTrust, Thawte, and RapidSSL, we  come across a lot of such customers on a daily basis, who are curious about this product, and have a variety of questions to ask before making a decision to buy it. And hence this post.

A follow up to my last article, which provided a brief overview of WildCard SSLs, this one aims to address most frequently asked questions on the web about the same and clears air about WildCard SSL security and how it works to protect small and wide level e-Commerce business over the web.

What is a WildCard SSL Certificate?Cheapest WildCard SSL, which protects user’s confidential information while transferring it on the web, and additionally, it protects multiple sub domains on a single server and IP address. Every Wildcard begins with an asterisk * or “star”. The star represents the wildcard part of the SSL certificate. The star can be any sub domain that shares the same base domain.

Which level of businesses need WildCard SSL security?It is a highly recommended SSL security solution to medium and wide level e-Commerce websites.

What  strength of encryption does WildCard Certificate hold?It holds the advanced 256 bit encryption  strength for single and multiple sub domains protection.

What  level of security is included in WildCard Security SSL?It protects a Fully Qualified Domain Name (FQDN) and Sub Domains on a Single Server and IP address.

Which brand’s WildCard SSL security holds an unlimited server license?RapidSSL and GeoTrust. These are two major brands  whose WildCard SSL certificate security holds an unlimited server license.

What is the issuance time of WildCard SSL security certificate?It can be issued within few minutes for a  single Domain Name.

What all web browsers are compatible with a  WildCard SSL certificate?Here is a  list of web browsers  most compatible with WildCard Cert.

• IE 5+, 6+, 7+, 8+
• Firefox 1+, 2+, 3+
• Netscape 4+
• Opera 7+
• AOL 5+
• Safari

What validation method does WildCard Certificate hold?It holds a complete domain validation.

Does it include trust mark or site seal feature?Yes! Its includes the trust mark or site seal feature, which is essential  to gain trust and confidence of the users.

How does one  generate WildCard SSL Certificate CSR for any web server?It is the same process, which holds other Domain Validated SSL certificate CSR. However, during the WildCard SSL generation, the common name should be *.yourdomain.com. To get a better idea about WildCard SSL Certificate CSR generation, click here.

Is  WildCard SSL security android validated?Yes, it is an Android Validated SSL security.

What is the difference between EV SSL and WildCard SSL?
EV SSL certificate is a complete domain authentication which protects single qualified domain only on a single server and IP, whereas  WildCard SSL is domain authenticated security, which protects sub domains and as well as main domains on single server and IP.

To see a list of Frequently Asked Questions about EV SSL Certificates, please click here.

Credit Goes to: http://www.dailyhostnews.com/a-list-of-frequently-asked-questions-about-wildcard-ssl-certificates-answered-by-rapidsslonline

Understanding WildCard SSL validation for the Android Platform

The world is moving towards a technology area where users depend on the smart phone technology such as Android, iPhone, and Windows. At the forefront of the smartphone technology is the ability for users tries to execute their on-line financial transactions using their smart phones, tablets, and laptops and using on-line applications and web platforms to shop online. Online shopping is the best way to save time, as well as money, but some online shopping aspects such as security, privacy, and trust mark should be present while executing these transactions on the web.

As the growing world of technology increases it is imperative that users become more aware and recognize the visual indicators of security while they shop online, especially when paying with a credit card or PayPal. The SSL industry has a wide range of security products such as WildCard SSL Certificates, Extended Validation SSL (EV SSL), Subject Alternative Name (SAN SSL), Server Gated Certificates (SGC SSL)and Code Signing Certificates to protect web sites and their users. According to major Certificate Authorities that users used to execute their transaction through their smart phones where they use their android based applications to execute financial transactions.

Most Android based smart phone applications use Wildcard SSL Certificate security to secure their user’s data while they exchange information through the device with web servers. Wildcard SSL certificates secure website URLs and unlimited numbers of their subdomains. Websites secured by regular SSL certificates are also protected by WildCard certificates, except that some Web servers may require an individual IP address for each subdomain listed by a WildCard SSL. RapidSSLOnline.com has been supplying a full line of SSL security certificates, including WildCard SSL, since 2009. All certificates and renewals sold on RapidSSLonline.com are exactly the same as what the Certification Authorities sell directly.

To use a WildCard SSL for Android, you can either import the SSL certificate from a local computer or buy it directly from the Android device, the certificate being a file with .cer extension from the chain included in the endpoint certificate or from the official site of the issuer (in the Base64 encoded X.509 format). For Android 2.2, the WildCard SSL can be installed from an SD card after "Use secure credentials" is activated under the "Credential Storage" section of "Settings/Security."

Wildcard SSL for Android comes with several extra features, including timeout specification for SSL handshake operations, hostname verification (in most cases), optional SSL sessions caching with SSLSessionCache and to optionally bypass all SSL certificate checks. When accessing servers through Android WildCard SSL certificates, the user must verify the server's identity to ensure a secure connection. Android Developer designates several ways to verify the server through WildCard SSL for Android in its reference guide.

The WildCard SSL has additional benefits aside from its practicality. It works with all browsers and devices, it has 2048 bit encryption and includes free malware monitoring for all listed domains and subdomains, and it can be installed across as many servers as needed.

About the Author

Mobile website owners looking for the perfect SSL solution for their website can find it with Jim Armstrong and RapidSSLonline.com. They can help customers understand the benefits of the WildCard SSL validation for the Android platform. Having been in the SSL industry since 2009, RapidSSLonline.com become the most inexpensive and cheap SSL certificate providers with unbeatable price guarantee to help save money. Learn more by contacting calling 727-388-4240 or pr@RapidSSLOnline.com.

Setting Up a Wildcard SSL on cPanel/WHM

A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them.

Similar to having multiple certificates installed on a server, each sub-domain containing the certificate needs its own IP as well.  Wildcard SSL’s do not work like Wildcard DNS – you will have to specifically install the certificate on each sub-domain. Following are two methods to set up a Wildcard SSL for a domain.

Multiple Accounts

In a case where you have each sub-domain hosted as a separate cPanel account, and each cPanel account has its own IP address, then follow these steps:

• Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
•  There are two ways to change a site’s IP address:

                                                              i.      Via WHM:

Go to WHM > Change site’s IP Address, select the account, then select the 

   i.      Via Command Line:

/usr/local/cpanel/bin/setsiteip -u $user $ip

When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com

·         The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain

·         Click install to install the certificate

One Account

This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cPanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its sub-domains:

·         Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com

·         These are the steps to assign dedicated IPs to multiple sub-domains on the same account

                           I.            Edit /var/cpanel/userdata/$USER/$SUBDOMAIN.$DOMAIN for each subdomain (for addon/parked domains you’ll usually edit the file for the subdomain associated with the addon/parked domain) and change the IP value to a “dedicated” IP.

                                        II.                Run /scripts/rebuildhttpconf

                                        III.            Edit the DNS zone for the subdomain (which will likely be attached to the parent domain) and update the a-record to point to that IP as well. Then synchronize the zone out to the DNS cluster, if one exists:

                                        IV.             /scripts/dnscluster synczone <parentdomain>

                    V        Edit /etc/domainips and add an entry for that sudomain to point to the IP and run /scripts/rebuildippool to make sure the IP is marked as taken.

•           When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
•          fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain
•          Click install to install the certificate

     So, you can save your time to manage numerous certificates for sub-domains and even save the money as Wildcard SSL Certificates such as RapidSSL Wildcard SSL or GeoTrust True BusinessID Wildcard will provide security for all your sub-domains with one main domain name.

About the Author:

RapidSSLonline is one of the largest cheap SSL certificate providers and is a Platinum partner for VeriSign, GeoTrust SSL, Thawte and RapidSSL. It provides 24/7 support for any question, anytime. For more information about RapidSSLonline, please visit https://www.rapidsslonline.com