Wildcard domain certificates

A Wildcard domain certificate is a Digital Certificate that secures a domain and all its subdomains using a single certificate.^[600-developer__tools__security__CA.md]

In the X.509 certificate system, this functionality is typically specified in the Common Name (CN) field or the Subject Alternative Name (SAN) extension during the certificate generation process^[600-developer__tools__security__CA.md]. Instead of issuing separate certificates for www.example.com, mail.example.com, and api.example.com, a single wildcard certificate can be used for all of them^[600-developer__tools__security__CA.md].

Syntax

The standard notation for a wildcard domain involves prepending an asterisk (*) to the base domain^[600-developer__tools__security__CA.md].

  • Format: *.example.com
  • Scope: Matches example.com and any subdomain one level deep (e.g., bar.example.com).

For example, when creating a self-signed Certificate Authority (CA), using *.yudady.tk in the Common Name field designates it as a wildcard certificate for the yudady.tk domain^[600-developer__tools__security__CA.md].

Implementation

Using OpenSSL

When generating a certificate signing request (CSR) or a Self-Signed Certificate using OpenSSL, the wildcard character is included in the interactive prompt or configuration file^[600-developer__tools__security__CA.md].

For example, the following command creates a self-signed X.509 certificate: openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt

During this process, the prompt Common Name (e.g. server FQDN or YOUR name) [] asks for a value^[600-developer__tools__security__CA.md]. Entering a value like *.yourdomain.com configures the certificate as a wildcard certificate^[600-developer__tools__security__CA.md].
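As an added example (not code from the original page), the following script generates the same kind of self-signed wildcard certificate non-interactively, placing the wildcard in both the Common Name and the SAN extension, and then uses OpenSSL's own hostname check to show which names the certificate covers. It assumes an OpenSSL 1.1.1 or newer binary on PATH; the domain example.com, the work directory and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: self-signed wildcard certificate and hostname coverage check.
# Assumes: openssl (1.1.1+) on PATH; example.com is a constructed domain.
set -eu

WORKDIR="$(mktemp -d)"   # constructed scratch location for tls.key / tls.crt

# Create a private key and a self-signed X.509 certificate for "*.<domain>".
# -subj replaces the interactive Common Name prompt; -addext puts the wildcard
# into the SAN extension as well, and lists the base domain explicitly so the
# apex name is covered regardless of how a client interprets the wildcard.
make_wildcard_cert() {
  domain="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORKDIR/tls.key" -out "$WORKDIR/tls.crt" \
    -subj "/CN=*.$domain" \
    -addext "subjectAltName=DNS:*.$domain,DNS:$domain" >/dev/null 2>&1
}

# Print the subject and SAN entries so the wildcard is visible in the output.
show_names() {
  openssl x509 -in "$WORKDIR/tls.crt" -noout -subject -ext subjectAltName
}

# Exit 0 if the certificate is valid for hostname $1, non-zero otherwise.
# The certificate is self-signed, so it is passed as its own trust anchor;
# -verify_hostname applies the same name-matching rules a TLS client uses.
covers_host() {
  openssl verify -CAfile "$WORKDIR/tls.crt" -verify_hostname "$1" \
    "$WORKDIR/tls.crt" >/dev/null 2>&1
}

# Demonstration: one-level subdomains match, deeper labels do not.
demo() {
  make_wildcard_cert example.com
  show_names
  for host in api.example.com example.com deep.api.example.com other.org; do
    if covers_host "$host"; then echo "$host: covered"; else echo "$host: NOT covered"; fi
  done
}
```

Running `demo` prints the subject and SAN lines followed by one coverage line per hostname; mapping those hostnames to 127.0.0.1 in the hosts file, as described below, lets a local server present the certificate for testing.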

Domain Configuration

To use a wildcard certificate for local testing, the system's hosts file must be configured to map the target domain and its desired subdomains to the local IP address (e.g., 127.0.0.1)^[600-developer__tools__security__CA.md].

Sources

  • 600-developer__tools__security__CA.md
  • [[Certificate Authority]]
  • [[HTTPS]]
  • [[DNS]]
  • OpenSSL