How to Use a Wildcard SSL Certificate

What Is a Wildcard SSL Certificate?

A Wildcard SSL Certificate is an SSL certificate that allows you to secure multiple subdomains under a single domain with a single certificate. For example, if you have a website with multiple subdomains, such as blog.example.com, shop.example.com, and support.example.com, a Wildcard SSL Certificate will secure these subdomains with just one certificate.

It works because the certificate is issued with an asterisk (*) in place of the subdomain name, which acts as a wildcard character. This means that the certificate will cover any subdomain that matches the pattern. So, if you have a Wildcard SSL Certificate for *.example.com, it will cover blog.example.com, shop.example.com, support.example.com, and any other subdomain that matches the pattern.

If you want to use your WildCard SSL Certificate on your Bluehost hosting account, using mod_rewrite is the way to go. However, you may encounter a limitation in WHM that only allows one virtualhost entry. This can be tricky, but don't worry; this article is here to guide you through the process step-by-step.

By the end of this guide, you'll better understand how to set up mod_rewrite and make the most of your WildCard SSL Certificate. So, let's get started!

• What Is the Difference Between a SAN Certificate and a Wildcard Certificate?
• Folder Structure
• When Should I Request an SSL Wildcard Certificate?
• How to Use a Wildcard SSL Certificate
  • Generic mod_rewrite Rule
  • WordPress/Drupal/Joomla mod_rewrite Rule
  • Subdomains/DNS
• Do SSL Wildcard Certificates Work with All Servers and Browsers?
• Can I Share the IP Address with All the Subdomain Names?
• Summary

What Is the Difference Between a SAN Certificate and a Wildcard Certificate?

A SAN (Subject Alternative Name) certificate and a Wildcard certificate are both types of SSL/TLS certificates used to secure websites by encrypting data transmitted between the server and the client. However, they serve different purposes and have distinct characteristics:

SAN Certificate:

• Purpose. SAN certificates are designed to secure multiple domain names and subdomains with a single certificate. They're ideal for organizations that need to secure a variety of domain names that don't follow a singular pattern, such as www.example.com, mail.example.org, and payment.example.net.
• Flexibility. A key feature of SAN certificates is their flexibility. You can add, remove, or change the domain names covered by the certificate. This makes it a versatile option for businesses with evolving security needs.
• Use cases. They're often used in environments where multiple services are hosted across different domains and subdomains, such as enterprise environments with various applications on separate domains.

Wildcard Certificate:

• Purpose. Wildcard certificates are used to secure a domain and an unlimited number of its first-level subdomains with a single certificate. For example, a wildcard certificate for *.example.com can secure www.example.com, mail.example.com, shop.example.com, etc.
• Simplicity. Wildcard certificates offer a simple way to manage SSL/TLS for websites that have multiple subdomains under a single domain. This can be more cost-effective and easier to manage than getting individual certificates for each subdomain.
• Limitation. The major limitation of wildcard certificates is that they only cover first-level subdomains of the domain they are issued to and do not support securing multiple distinct domain names or second-level subdomains (like *.sub.example.com).

Folder Structure

The subdomain must be assigned to a folder underneath the folder to which its parent domain is assigned. Because of how subdomains are assigned, it's easy to put them outside the parent domains folder. In this situation, you will need to reassign the domain to a folder under the parent domain.

Example: Say you have a wildcard SSL certificate, for example.com. Example.com is assigned to the public_html folder. I want to use my certificate on sub.example.com. In this case, sub.example.com should be assigned to public_html/sub/ because the sub is a directory underneath public_html.

When Should I Request an SSL Wildcard Certificate?

You should consider requesting an SSL Wildcard Certificate in several specific scenarios that align with your website's needs and the structure of your online presence. These are some situations where a Wildcard SSL Certificate would be beneficial:

• Multiple subdomains. If your website uses multiple subdomains for different functions or services (like shop.example.com, blog.example.com, and mail.example.com), a Wildcard Certificate can secure all of them under one primary domain (e.g., *.example.com), simplifying your SSL management.
• Growing online presence. For businesses planning to expand their online services or add more subdomains in the future, a Wildcard Certificate provides the flexibility to secure new subdomains without needing to purchase and manage additional SSL certificates.
• Cost-effectiveness. Managing multiple SSL certificates for each subdomain can be costly and administratively burdensome. A Wildcard Certificate can be more cost-effective and easier to manage.
• Ease of management. With a single Wildcard Certificate for all your subdomains, you simplify the renewal process, reduce administrative overhead, and eliminate the risk of having some subdomains unprotected due to overlooked renewals.
• Development and testing environments. If you maintain separate subdomains for development, staging, or testing purposes (like dev.example.com or test.example.com), a Wildcard Certificate can secure these without the need for separate certificates for each environment.
• SaaS platforms. For Software as a Service (SaaS) providers that offer customized subdomains to their users (such as customer1.service.com and customer2.service.com), a Wildcard Certificate ensures that all customer subdomains are secured under one umbrella.

How to Use a Wildcard SSL Certificate

The purpose of using mod_rewrite is to manipulate URLs and make them more readable, user-friendly, and search engine-friendly. It's a powerful tool that allows you to rewrite URLs based on various conditions using regular expressions.

The .htaccess file is located in the parent domain's folder. While you can use an FTP or an SSH client to access the file, we will use the File Manager for this article.

1. Log in to your Bluehost Account Manager.
2. Click the Hosting tab on the left-hand side menu.
   
3. Next, click the File Manager button under Quick Links.
   
4. Look for the Settings button towards the upper right corner of your screen.
5. From here, click the Preferences popup and the checkbox for Show Hidden Files (dotfiles).
   
6. Scroll to locate the .htaccess file from the list.
7. Right-click on the file, then click on Edit from the menu.
   
8. A dialogue box may ask about encoding; click the Edit button to continue. The editor will open in a new window.
9. Edit the file as needed.
   • If you have a basic HTML site, follow the instructions under the Generic mod_rewrite Rule section.
   • If you have a WordPress, Joomla, or Drupal site, follow the instructions under the WordPress/Joomla/Drupal mod_rewrite Rule section.
10. Click Save Changes.

Generic mod_rewrite Rule

If you have a basic HTML site, copy the following text into your public_html/.htaccess file.

# Bluehost .htaccess WildCard SSL
RewriteEngine On
RewriteCond %{HTTP_HOST} ^subdomain.example.com$
RewriteCond %{REQUEST_URI} !^/subfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subfolder/$1
RewriteCond %{HTTP_HOST} ^subdomain.example.com$
RewriteRule ^(/)?$ subfolder/index.php [L]

Once you have modified this code, you should clear your browser cache to be able to see the redirect.

WordPress/Joomla/Drupal mod_rewrite Rule

For WordPress, Joomla, or Drupal sites, copy the following code:

• If just the Subdomain holds either a WordPress, Joomla, or Drupal Site
• The parent domain does not copy the following code if your subdomain holds a WordPress, Joomla, or Drupal site.

  You must replace the subdomain with your subdomain and example.com with your domain name.

  # Custom subdomain .htaccess SSL + WordPress
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^subdomain.maindomain.com$
  RewriteCond %{REQUEST_URI} !^/subfolder/
  RewriteRule ^(.*)$ /subfolder/$1
  RewriteCond %{HTTP_HOST} ^subdomain.maindomain.com$
  RewriteRule ^(/)?$ subfolder/index.php [L]
  # End custom subdomain .htaccess

• If the Parent Domain has WordPress
• If the parent domain and the subdomain have either a WordPress, Joomla, or Drupal site, copy the following code into your .htaccess file. This code will replace the WordPress permalink code.

  You must replace the subdomain with your subdomain and example.com with your domain name.

  # Custom subdomain .htaccess SSL + WordPress
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^subdomain.maindomain.com$
  RewriteCond %{REQUEST_URI} !^/subfolder/
  RewriteRule ^(.*)$ /subfolder/$1
  RewriteCond %{HTTP_HOST} ^subdomain.maindomain.com$
  RewriteRule ^(/)?$ subfolder/index.php [L]
  # End custom subdomain .htaccess
  
  # Custom maindomain .htaccess WordPress
  RewriteEngine On
  RewriteBase /
  RewriteCond %{HTTP_HOST} ^(www.)?maindomain.com$
  RewriteRule ^index\.php$ - [L]
  RewriteCond %{HTTP_HOST} ^(www.)?maindomain.com$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]
  # End custom maindomain .htaccess

You may need to clear your browser cache for the new rules. After that, your Wildcard SSL certificate should be working.

Wildcard Subdomains or DNS

Bluehost does support the creation of Wildcard DNS/Subdomains. To create them, follow these steps:

1. Log in to your Bluehost Account Manager.
2. Click the Subdomains icon located in the Domains section.
3. In the Subdomain name field, enter the "*" character. (Shift + 8)
4. Leave the Document Root set to default.
5. Select Create.

After this has been done, the record will be added to your domain's DNS entry. You can then look up any properly formed subdomain and have it resolved.

If you'd like to create a redirect for this subdomain so that every subdomain gets redirected to www, for instance, you can modify the following lines of code and insert them into the .htaccess file found in the public_html/wildcard folder.

RewriteEngine on
RewriteBase /
#for all requests on mydomain.com
RewriteCond %{HTTP_HOST} mydomain\.com$ [NC]
#if they are not for the www.mydomain.com
RewriteCond %{HTTP_HOST} !^www\.mydomain\.com$ [NC]
#301 redirect to www.mydomain.com
RewriteRule (.*) http://www.mydomain.com/$1 [R=301,L]

You can use the file manager to edit the .htaccess file. To get to the file manager, go to the panel, scroll down to the files section, and then click on file manager. Select the option for webroot and show hidden files, then press go. Once you see the contents of the public_html/wildcard folder on the right of the screen, right-click the .htaccess file and select edit, then press edit again. Put the code at the top of the .htaccess.

Do SSL Wildcard Certificates Work with All Servers and Browsers?

SSL Wildcard Certificates are broadly compatible with all major web servers and browsers. Whether you're using Apache, Nginx, IIS, or browsing through Google Chrome, Mozilla Firefox, Safari, Microsoft Edge, or Opera, Wildcard Certificates facilitate encrypted communications for all subdomains under a primary domain. However, it's essential to obtain your certificate from a trusted Certificate Authority recognized by browsers to avoid security warnings. Given the shared nature of the certificate across subdomains, prioritizing the security of the private key is crucial to prevent compromises. This makes Wildcard Certificates a convenient yet secure option for website encryption.

Can I Share the IP Address with All the Subdomain Names?

Yes, you can share a single IP address with all your subdomain names through the use of a Wildcard SSL certificate and proper DNS configuration. By pointing all your subdomains to the same IP address in your DNS settings and securing them with a Wildcard SSL certificate, you can ensure that each subdomain can be accessed securely over HTTPS without needing a unique IP address for each one. This approach simplifies hosting and SSL management, making it efficient and cost-effective for websites with multiple subdomains.

Summary

Wildcard SSL Certificates are a convenient and cost-effective way to secure multiple subdomains under a single domain. They offer the same level of encryption as a regular SSL Certificate and are recognized by all major browsers.

Knowing how to use a wildcard SSL Certificate in a Bluehost hosting account can be made possible with the help of mod_rewrite. While there may be some limitations in WHM that only allow one virtualhost entry, this guide has provided step-by-step instructions to help you overcome them. By assigning the subdomain to a folder underneath the folder to which its parent domain is assigned and using the appropriate mod_rewrite rule for your website, you can get your WildCard SSL Certificate up and running quickly. Remember to clear your browser cache after making changes to see the redirect. With these tips and tricks, you can make the most of your WildCard SSL Certificate and ensure the security of your website.