Secure Socket Layers aka SSL certificates are very much in demand for websites, as it helps in securing the connection between the server and the client by encrypting the entire session. You can also consider SSL as a vaccine for websites, and without it, the websites are prone to many vulnerable security breaches like hacking, theft, and malware attacks. Thus, making it the most important component of the online business module. Although, what if you have a sub-domain on your website? Will an SSL certificate work for a subdomain?
Let’s try connecting the dots!
Contents
Will an SSL certificate work for a subdomain?
Yes, an SSL certificate will definitely work for a subdomain. Nowadays, most of the CA’s provide SSL security for the non-www versions, if the website is generated using “www.” But if you are running a larger enterprise and have multiple domains and sub-domains, you can always opt for a Wildcard SSL certificate or a Multiple-domain Wildcard SSL certificate to secure all of them under a single SSL certificate.
But, how to know which one fits well for your website?
Don’t worry I will be covering it in detail in the next segment, but first, let’s understand what is a subdomain.
What is a sub-domain?
A subdomain is a part of the root domain or the main domain. In simple terms, a subdomain is a child domain to its parent(root) domain.
For example, there is a website called furniture.com. Now, here “.com” is a top-level domain, whereas “furniture.com” is a second or root-level domain.
Now, if the owner of the website decides to describe the products more briefly, he can get a subdomain under the root level domain, which will make the URL look like this, “products.furniture.com”. Here “products.furniture.com” will be the subdomain or third-level domain. Basically, the child domain or third level domain is created for ease of navigation.
Although, there are two types of SSL certificates for the subdomain level, and they are mentioned below.
Types of subdomain SSL certificates:
- Wildcard SSL certificate:
The Wildcard SSL certificate is useful, if you own a single domain, but have multiple sub-domains that are to be secured with a single SSL certificate at the same level.
Now, if we consider the previous example of furniture.com, furniture.com is the main or root domain for which the Wildcard SSL is issued. But if the owner wants to encrypt his three sub-domains, i.e., product1.furniture.com, product2.furniture.com, and product3.furniture.com, on the same level he can easily do it under one Wildcard SSL certificate.
Wildcard SSL certificates are available for two-level validations; (1) Domain Validation, and (2) Organization Validation.
Although, if you want to encrypt multiple domains too, Wildcard cannot be considered.
- Multiple Domain Wildcard SSL certificate:
Multiple Domain Wildcard SSL certificate is the best option for you if you wish to secure multiple domains and sub-domains under one certificate. Multiple domain Wildcard SSL certificate provides multiple certificates for different main domains. Although, most of the multi-domain wildcard SSL certificates include 2 to 4 SANs by default, and can cover up to 250 domains under the same SSL certificate, with an extra charge on each additional SAN.
For example; an owner runs two websites; furniture.com and furniturefix.com. Now, if he wishes to apply for a single SSL certificate for multiple domains, that also has multiple sub-domains, he can easily do it with the Multiple Domain Wildcard SSL Certificate.
It will look like this;
For furniture.com
- Product1.furniture.com
- Product2.furniture.com
- Product3.furniture.com
And, for furniturefix.com
- Product1.furniturefix.com
- Product2.furniturefix.com
- Product3.furniturefix.com
Multiple Domain Wildcard SSL certificate functions on two levels; Domain Validation (DV), Organization Validation (OV).
Why SSL certificate is required in HTTP?
SSL certificate is required in HTTP because an SSL certificate encrypts the entire communication between a website and a server, thus, keeping user data secure, verifying ownership of the website, preventing attackers from creating a duplicate website, and conveying trust to the users.
Therefore, when an SSL certificate is installed on an HTTP website, the protocol changes to HTTPS, where the “S” indicates “Secure.” Thus, making HTTPS website traffic encrypted using an SSL certificate.
Do you need SSL for the subdomain?
Yes, you always need an SSL certificate for a subdomain because an SSL certificate encrypts and secures the communication on subdomains. Since 2014, Google has announced that it favors encrypted websites.
So, if your subdomain is not secured by an SSL certificate, then Google will throw a pop-up to the users saying, “This connection is not secure”, thus making it tough for the users to trust the webpage, which in turn will result in the fall of user traffic on that particular website, making your business vulnerable.
Does an SSL certificate cover a sub-domain?
Yes, a Wildcard SSL certificate and Multiple Domain Wildcard SSL certificate cover subdomains.
Although, if you are confused about which one to choose, I will recommend the Wildcard SSL certificate, if you own a single domain and multiple sub-domains. And, the Multiple Domain Wildcard Certificate if you own multiple domains as well as subdomains.
Do SSL certificates work for sub-domains?
Yes, SSL certificates work for sub-domains. Again, if you have a single domain and multiple subdomains, use a Wildcard SSL certificate, or else use a Multiple Domain Wildcard SSL Certificate for multiple domains and sub-domains.
Although, if you are using a Multiple Domain Wildcard SSL certificate, then you need to treat your sub-domains as separate SAN.
Final Remarks:
Installing an SSL certificate on a website is the best investment, that you can make if you want to see your business grow with solid customer trust. Although, many a time we tend to create multiple sub-domains to elaborate our niche, which makes it harder for a single-domain SSL certificate to protect them.
Thus, the need arises to install a Wildcard SSL certificate or a Multiple Domain Wildcard SSL certificate on a website, in order to make a subdomain or multiple subdomains secure and encrypted.