Web Analytics

How to Add Subdomains to Your SSL.com Certificate

Protecting subdomains is essential for comprehensive website security. SSL.com offers two solutions: Wildcard SSL for simplicity and UCC/SAN Certificates for flexibility. Below is a streamlined overview comparing the uses cases for each certificate. For technical guidance and step-by-step implementation instructions, please visit SSL.com’s Knowledgebase.

Wildcard SSL Certificates

Automatic Coverage

  • Secures example.com and all first-level subdomains (e.g., blog.example.com, shop.example.com) without needing to re-process the certificate when new subdomains are added.

Ideal For

  1. Simplifying TLS Management Across Subdomains
  • Use case: You operate multiple services under a single domain (e.g., api.example.com, mail.example.com, admin.example.com) and want to manage a single certificate. 
  • Benefit: Reduces the complexity and overhead of obtaining and managing multiple certificates. 

 

  1. DevOps and Automated Deployments
  • Use case: Automatically spin up new subdomains for development, staging, or containerized services (e.g., dev-1234.example.com). 
  • Benefit: Eliminates the need to request new certs or reissue existing ones when subdomains are created dynamically. 

 

  1. Multi-tenant SaaS Applications
  • Use case: A SaaS app creates a subdomain per customer (e.g., customer1.example.com, customer2.example.com). 
  • Benefit: Allows fast onboarding without creating a new cert per tenant. 

 

  1. Testing Environments
  • Use case: Create secure test environments under subdomains like test1.example.com, qa.example.com, etc. 
  • Benefit: Speeds up testing by covering all subdomains with a single certificate. 

 

  1. Internal Services Behind Load Balancers or Gateways
  • Use case: Load balancers or reverse proxies route requests to subdomains like node1.example.com, node2.example.com. 
  • Benefit: Use a wildcard cert to simplify secure internal routing without duplicating certs across nodes. 

 

  1. Email and Messaging Servers
  • Use case: Secure subdomains for services like smtp.example.com, imap.example.com, autodiscover.example.com. 
  • Benefit: Avoids needing individual certs for each protocol endpoint. 

 

  1. Multi-region or CDN Edge Deployments
  • Use case: Deploy region-specific subdomains like us.example.com, eu.example.com, apac.example.com. 
  • Benefit: Quickly scale global edge points while using one cert. 

Limitations

  • No support for multi-level wildcards (e.g.,?*.*.example.com) 
  • Cannot protect unrelated domains (e.g.,?example.net) 
  • Cannot be used with Extended Validation— Wildcard SSL certificates are available only as Domain and Organization Validation; EV wildcards are not permitted by industry rules 

UCC/SAN (Multi-Domain) Certificates

Key Steps to Add Subdomains

  1. Re-process Your Certificate

    • Navigate to Orders > change domain(s)/rekey in the SSL.com portal.

  2. Modify SANs

    • Re-use your CSR if organization details stay the same. For this option, click the check box for use previous csr

    • Add new hostnames (e.g., api.example.com) or wildcard SANs (e.g., *.example.com). For this option, click the Create CSR link. 

  3. Validation

    • Subdomains under previously validated roots (e.g., dev.example.com) inherit approval.

    • New parent domains (e.g., example.net) require fresh validation.

Wildcard Support Rules

  • DV Only — Multi-domain certificates with wildcard SANs are available only as Domain Validation. OV/EV multi-domain certs cannot include any wildcards; every SAN must be an explicit FQDN.

For detailed screenshots and CSR troubleshooting, visit SSL.com’s Multi-Domain Re-processing Guide.

Certificate Comparison

Feature Wildcard SSL UCC/SAN SSL
Subdomain coverage Auto-covers all first-level subdomains under one root Manual SAN listing (explicit FQDNs or *.example.com)
Multi-domain support Up to 500 domains & subdomains
Wildcard availability DV Only DV Only (OV/EV disallow wildcards)
Cost model Fixed price per cert Base price + per-SAN fee

When to Choose Which

  • Wildcard SSL
    Best for dynamic, fast-moving setups like SaaS platforms, marketing teams managing frequent campaigns, and internal environments that spin up many subdomains on a single root domain.
  • UCC/SAN SSL
    Ideal for enterprises securing many distinct domains and subdomains under one certificate—such as international brands with multiple localized sites—and when you need explicit control over each SAN.

Pro Tip – Continuous Peace of Mind

Use SSL.com’s Health Check Monitoring (HCM) service to receive real-time alerts on certificate expirations, misconfigurations, and installation issues before they affect users.

Need Assistance?

  • Quick Help: Live chat in the SSL.com portal (bottom-right corner)
  • Deep Dive: Email Support@SSL.com for architecture reviews or complex multi-domain setups
  • Windows Users: Try SSL.com Manager for streamlined CSR generation and certificate installs on Windows servers

Was this article helpful?

Yes
No
Thanks for your feedback!

SSL Support Team

All Posts

Related How Tos

View All How Tos
Facebook Twitter Youtube Github

Subscribe to SSL.com’s Newsletter

What is SSL/TLS?

Play Video

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey