Wildcard SSL Certificates with SANs
Entrust has updated its product offering to include a new flavor of Entrust Wildcard SSL Certificate. The new wildcard SSL certificates support the Subject Alternative Name (SAN) extension to allow better coverage and flexibility in your wildcard investment. Typically, a wildcard certificate has one domain name such as *.example.com. This allows the certificate to be used for all sub-domains ending with example.com such as www.example.com and ww1.example.com.
What the wildcard does not support is the root domain itself — example.com. Entrust solves this issue by adding example.com to the SAN list. As the subscriber, you can choose not to add this domain to the certificate.
In addition, some mobile devices do not support wildcard certificates as they do not recognize that *.example.com could represent www.example.com. In this case, you can add the specific sub-domains that you want supported into the SAN list. Please note that the total number of SANs cannot exceed 11, including your original wildcard domain name.
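The coverage rules described above can be checked before ordering a certificate. The following Python sketch is an added example, not Entrust code: the function names and sample SAN lists are assumptions made for illustration, and the matching follows the common RFC 6125 rule that "*" stands for exactly one leftmost label. It goes slightly beyond the cases in the text by also showing that a deeper name such as a.b.example.com is not matched by *.example.com.

```python
# Added example: SAN coverage check for a wildcard certificate (not Entrust code).
MAX_SANS = 11  # limit stated on this page, wildcard name included

def san_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN against a hostname, RFC 6125 style."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # "*" never spans dots, so label counts must agree
    if san_labels[0] == "*":
        # Wildcard stands for exactly one non-empty leftmost label.
        return host_labels[0] != "" and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def coverage(sans, hosts):
    """Map each host to the SAN entry that covers it, or None."""
    if len(sans) > MAX_SANS:
        raise ValueError(f"{len(sans)} SANs exceeds the limit of {MAX_SANS}")
    result = {}
    for host in hosts:
        # Prefer an explicit entry: it also works on clients that do not
        # understand wildcards, such as the mobile devices mentioned above.
        exact = [s for s in sans if not s.startswith("*.") and san_matches(s, host)]
        wild = [s for s in sans if s.startswith("*.") and san_matches(s, host)]
        result[host] = (exact or wild or [None])[0]
    return result

# Constructed sample data using the page's example domain.
WILDCARD_ONLY = ["*.example.com"]
WITH_SANS = ["*.example.com", "example.com", "www.example.com"]
HOSTS = ["www.example.com", "ww1.example.com", "example.com", "a.b.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY), ("with SANs", WITH_SANS)):
        print(label)
        for host, san in coverage(sans, HOSTS).items():
            print(f"  {host:20} -> {san or 'NOT COVERED'}")
```

A host mapped to the wildcard entry rather than to an explicit SAN is one that a wildcard-unaware client would reject.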
As a cautionary note, please understand that the use of wildcard certificates means that you may be susceptible to greater risks. For instance, if the private key is compromised then all websites protected by the wildcard certificate may also be compromised. A compromised wildcard certificate could also be used to make a fictitious website on the same root domain appear legitimate.
More details on these risks are documented in our white paper entitled, “The Safe Use of Wildcards & Multi-Server Certificates.”