Difference between wild card SSL

A wildcard covers only one level. So *.example.com will cover foo.example.com, bar.example.com, and staging.example.com but not foo.staging.example.com or example.com.

However you can have multiple names (including wildcards) on the same certificate, so in principle a single certificate could be issued covering all the above names.

I know that CAs will happily issue certificates covering both example.com and *.example.com; I'm not sure what typical policies are on issuing certificates with more names.

Also I would question whether this is really what you want. Do you really want to put your production secrets on your staging server?

A wildcard only matches one domain level, so *.staging.example.com would not be matched and you need another cert for subdomains of it.


As mentioned by Peter and Sven, a wildcard will only support one wildcard level in the domain name. This said, you have many possible ways to implement a naming scheme.

You can easily set up the servers in your production environment (work.example.com) and use the same certificate for your staging (stagingwork.example.com) and development (devwork.example.com) servers (those are separate from your production servers, correct? :) ). One certificate, many hosts and domain names.
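The one-level rule from the answers above, and the flattened naming scheme from the last one, can be checked with a small matcher. This is an added example, not code from any of the posters; the SAN lists and hostnames are constructed samples, and the function names are hypothetical.

```python
# Leftmost-label wildcard matching in the style TLS clients apply to
# certificate dNSName entries. All names below are constructed samples.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    # This is why *.example.com covers neither example.com nor a.b.example.com.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a whole leftmost label is treated as a wildcard here.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    # Anything else (including partial wildcards like f*.example.com)
    # is compared literally and therefore only matches itself.
    return p_labels == h_labels


def cert_covers(san_list, hostname: str) -> bool:
    """A certificate covers a host if any one of its SAN entries matches."""
    return any(san_matches(p, hostname) for p in san_list)


def coverage(san_list, hostnames):
    """Map each hostname to whether the given SAN list covers it."""
    return {h: cert_covers(san_list, h) for h in hostnames}


HOSTS = [
    "example.com",
    "foo.example.com",
    "staging.example.com",
    "foo.staging.example.com",
    "stagingwork.example.com",   # flattened naming scheme
    "devwork.example.com",
]

WILDCARD_ONLY = ["*.example.com"]
MULTI_SAN = ["example.com", "*.example.com", "*.staging.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY), ("multi-SAN", MULTI_SAN)):
        print(label, sans)
        for host, ok in coverage(sans, HOSTS).items():
            print(f"  {'covered ' if ok else 'NOT covered'}  {host}")
```

Running it shows the single wildcard missing only the apex and the two-level name, while the multi-name certificate covers every host in the list.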