SSL/TLS Wildcard Certificates

This document provides important information regarding what a wildcard certificate is as well as advantages and disadvantages to using this type of certificate.

Instructions

  • When generating a CSR for a wildcard certificate, set the common name to department.wisc.edu and request *.department.wisc.edu as the additional domain (SAN) so that both department.wisc.edu and *.department.wisc.edu are valid. If you generate the certificate with only *.department.wisc.edu, the base domain department.wisc.edu will not be valid.

  • You will also need to submit the request as a Multi-Domain request in the form at https://servercertificates.wisc.edu, where you can specify *.department.wisc.edu as the additional domain.
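The reason the base domain must be requested separately is the name-matching rule clients apply: a `*` covers exactly one left-most DNS label, never zero labels and never more than one. The following added example (not part of this article, and not the certificate service's own code) implements that rule and checks the two SAN lists described above against some constructed hostnames.

```python
"""Wildcard name matching as browsers apply it (RFC 6125 style):
'*' stands for exactly one left-most DNS label, so '*.department.wisc.edu'
covers www.department.wisc.edu but not department.wisc.edu itself.
Constructed example for the KB article; not the certificate service's code."""
from __future__ import annotations


def _match_one(pattern: str, hostname: str) -> bool:
    """True if a single certificate name (CN or SAN dNSName) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # The wildcard must be the whole left-most label, there must be at least
    # two labels after it (no '*.edu'), and no other label may contain '*'.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # '*' covers exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or h_labels[0] == "":
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers(san_names: list[str], hostname: str) -> bool:
    """True if any name in the certificate's SAN list covers hostname."""
    return any(_match_one(name, hostname) for name in san_names)


def coverage_report(san_names: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the given SAN list would cover it."""
    return {host: cert_covers(san_names, host) for host in hostnames}


# Constructed SAN lists for the two ways the CSR can be generated.
WILDCARD_ONLY = ["*.department.wisc.edu"]
WILDCARD_PLUS_BASE = ["department.wisc.edu", "*.department.wisc.edu"]

if __name__ == "__main__":
    hosts = ["department.wisc.edu", "www.department.wisc.edu",
             "a.b.department.wisc.edu", "wisc.edu"]
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + base", WILDCARD_PLUS_BASE)):
        print(label, coverage_report(sans, hosts))
```

Note that a.b.department.wisc.edu is not covered by either list: a second-level host needs its own name in the SAN list.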

What is a wildcard certificate?

Primary Advantage

Disadvantages

Wildcard Certificates Terms of Service

  1. Wildcard certificates will not be issued for second-level domains we administer (e.g. wisc.edu, wisconsin.edu).
  2. Wildcard certificates are not preferred for systems that store or access restricted data.
  3. After expiration, wildcard certificate renewal requests must be created with a new key pair.
  4. The requestor/owner of a wildcard certificate asserts that suitable administrative, technical and physical safeguards are in place to protect the private key, and also agrees:
    • To track the following information about the wildcard certificate/keys:
      • Servers (and their location) where the private key is stored
      • Other locations where the private key is stored, e.g. backups
      • People and applications with access to the private key
    • To revoke and reissue the wildcard certificate with new key material if a known compromise occurs of a server containing the private key of the wildcard certificate.
  5. Cybersecurity may approve exceptions to these guidelines.
  6. Delegated departmental/division SSL administrators agree to follow the same guidelines for issuing wildcard certificates.