(9 votes, average: 4.11 out of 5, rated)
Loading...Here’s why finding a Wildcard EV SSL certificate is as elusive as unicorns and Big Foot
Throughout history, explorers have searched for lands and creatures described in epic proportions in mythology. Everything from Sir Walter Raleigh’s search for El Dorado, the lost city of gold, to Ponce de Leon’s quest for the Fountain of Youth.
This quest is much the same for customers who seek extended validation (EV) wildcard SSL certificates. Customers come to us all the time on their misguided quest to find the “elusive” wildcard EV SSL certificates. They want to activate the green web address bar with ease across multiple subdomains — an ability that would be ideal for any business. But why are these EV wildcard certificates so hard to find?
To put it simply: because they don’t exist. (But there is a solution that accomplishes the same goal, which we’ll cover shortly.)
Why an Extended Validation Wildcard Certificate Isn’t Possible
Since you’re here, looking for a wildcard EV SSL certificate, we’re going to assume that you are already familiar with what a wildcard SSL certificate is used for: securing multiple subdomains. However, the very same properties that make a wildcard SSL certificate so great are also the same ones that create security concerns. Not following? Let us explain.
The extended validation guidelines outlined by the Certificate Authority/Browser Forum (CA/B Forum) prohibit the use of extended validation for wildcard certificates. This is because every EV SSL certificate that’s issued requires careful, in-depth vetting of the organization that’s trying to obtain it. This aims to ensure that certificates are not fraudulently issued or misused after issuance by validating that every web address that an EV SSL certificate is assigned is legitimate. For a certificate to be issued by a trusted and reputable certificate authority (CA), the organization must satisfy all of the requirements outlined by the CA/B Forum.
Wildcard EV SSL Certificates Would Create Security Concerns
Wildcard certificates undermine the very purpose of extended validation. So, as you can see, it’s not that we just don’t want to sell EV wildcard SSL certificates to you — it’s that we can’t. Not to mention, we wouldn’t be doing you or your customers any favors if we did!
After all, any qualifying subdomains that would be covered under wildcard certificates issued at the EV level would receive an EV security indicator without undergoing the rigorous scrutiny of the EV validation process. This creates an opportunity for a single compromised subdomain to be exploited as a phishing attack vector by cybercriminals — all with the EV security indicator leading customers to believe the site is safe.
Talk about finding one of the fastest routes to undermine customers’ trust in your site and organization as a whole. This tactic could lead to data breaches, identity fraud issues, and a variety of other PR nightmares.
I Still Need to Secure Multiple Subdomains — So, What’s the Solution?
We hear you. Although no certificate authority can issue EV wildcards, you still need a solution to your website security issue. The good news is that there’s something that you can purchase that will work…
Save Up to 39% on a GeoTrust Multi-Domain EV SSL Certificate
Need to secure multiple domains with extended validation to get the green address bar? We’ve got you covered with a multi-domain SSL certificate.
Get the Green Address Bar on Multiple Subdomains with a Multi-Domain EV SSL Certificate
Need to secure multiple subdomains with extended validation? We’ve got you covered with a multi-domain SSL certificate.
When you use an EV multi-domain SSL certificate, you can list each domain and subdomain as individual SANs, or Subject Alternative Name domains.
Forget about mythical solutions like wildcard EV SSL certificates. This real-world workaround will enable you to secure each of your domains and subdomains with the EV security indicators and green address bar you desire — all while remaining compliant with CA/B Forum guidelines.