SSL/TLS Wildcard Certificates

This document explains what a wildcard certificate is and the advantages and disadvantages of using one.


  • When generating a CSR for a Wildcard Certificate you will need to set the common name to and request * as the additional domain (SAN) so that both and * are valid.  If you generate the certificate with only * the base domain of will not be valid.

  •  You will also need to submit as a Multi-Domain request in the form at, where you can specify * as the additional domain.
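One way to build the CSR described above with OpenSSL, as an added example that is not from the original page: `example.edu` is a placeholder base domain, and the function names and output paths are assumptions. It lists both the base domain and the wildcard in the SAN and generates a fresh key pair on every run.

```shell
#!/bin/sh
# Added example. example.edu is a placeholder; substitute the base domain
# being requested. Function names and file layout are illustrative.

# make_wildcard_csr BASE_DOMAIN OUT_DIR
# Writes OUT_DIR/BASE_DOMAIN.key (new RSA key) and OUT_DIR/BASE_DOMAIN.csr.
make_wildcard_csr() {
    base=$1
    out=$2
    [ -n "$base" ] && [ -d "$out" ] || return 2

    cfg=$(mktemp) || return 1
    # CN is the base domain; the SAN carries both names, because a
    # wildcard entry (*.base) does not match the bare base domain.
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = $base

[ext]
subjectAltName = DNS:$base, DNS:*.$base
EOF

    # Subshell so the restrictive umask only affects the key file.
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -config "$cfg" \
            -keyout "$out/$base.key" \
            -out "$out/$base.csr" 2>/dev/null
    )
    rc=$?
    rm -f "$cfg"
    return $rc
}

# csr_names CSR_FILE
# Prints the DNS names in the CSR's subjectAltName, one per line, so the
# request can be checked before it is submitted.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,]*' | sed 's/^DNS://' | tr -d ' '
}
```

Running `csr_names` on the generated file before submission confirms that both the base domain and the wildcard are present.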

What is a wildcard certificate?

Primary Advantage


Wildcard Certificates Terms of Service

  1. Wildcard certificates will not be issued for second level domains we administer e.g.,, etc.
  2. Wildcard certificates are not preferred for systems that store or access restricted data.
  3. After expiration, wildcard certificate renewal requests must be created with a new key pair.
  4. Requestor/Owner of wildcard certificates asserts that suitable administrative, technical and physical safeguards are in place to protect the private key and also agrees to:
    • Track the following information about the wildcard certificate/keys:
      • Servers (and location) where the private key is stored
      • Other locations where the private key is stored, e.g., backups
      • People and applications with access to the private key
    • Revoke and reissue the wildcard certificate with new key material if a known compromise occurs of a server containing the private key of the wildcard certificate.
  5. Cybersecurity may approve exceptions to these guidelines.
  6. Delegated departmental/division SSL administrators agree to follow the same guidelines for issuing wildcard certificates.