Does wildcard SSL certificate covers root domain?

Does wildcard certificate also validates root domain?

There are few writings about "Does a wildcard certificate cover root domain"

According to these writings as per my understanding Single Wildcard *.example.com domain can have wildcard DNS names for multiple base domains, and can also mix in non-wildcard names
(e.g *.example.com and example.com)

Although I don't register base domain(example.com), does SSL providers automatically add the root domain as a Subject Alternative Name to a wildcard SSL certificate?

so that I don't need to add additional root-domain(example.com)?

Thank you

2 Likes

You need to generate a certificate for *.example.com and example.com. They can both be on the same certificate, but you do have to request both. There are some CAs that will only give you a certificate for the root and wildcard, but I don't know of any that let you make your own request, but then automatically amend it (and they shouldn't).

3 Likes

I think it is best to get exactly what you ask for (despite what may seem obvious).
[not for the CA to think they know more about what I need and change my request (in any way)]

Q1. How much trouble is it to add "example.com" to the "*.example.com" request (if/when needed)?

Q2. What would happen when someone requests more than 50 wildcard entries on a single cert?
[there would be no room to include more than 50 more base domains into it]

3 Likes

Some CA's might automatically also include the root domain, but Let's Encrypt doesn't: you only get what you've asked for.

5 Likes

@maxh I edited your comment above to put the domain names within backticks for clarity.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.