I have deployed SSL certificates on various websites however this wildcard SSL certificate is totally new to me. I have question that If I am buying a SSL certificate *.example-private.com, Will it work for *.staging.example-private.com Or Do I have to buy a different wild card SSL for staging site. I am going to implement this on new sites.
A wildcard covers only one level. So
*.example.comwill coverfoo.example.com,bar.example.com, andstaging.example.combut notfoo.staging.example.comorexample.com.However you can have multiple names (including wildcards) on the same certificate, so in principle a single certificate could be issued covering all the above names.
I know that CAs will happilly issue certificates covering both
example.comand*.example.com, I'm not sure what typical policies are on issuing certificates with more names.Also I would question whether this is really what you want. Do you really want to put your production secrets on your staging server?
A wildcard only matches one domain level, so
*.staging.example.comwould not be matched and you need another cert for subdomains of it.https://en.wikipedia.org/wiki/Wildcard_certificate
As mentioned by Peter and Sven, a wildcard will only support one wildcard level in the domain name. This said, you have many possible ways to implement a naming scheme.
You can easily set up the servers in your production environment ( work.example.com ) and use the same certificate for your staging ( stagingwork.example.com ) and development ( devwork.example.com ) servers (those are separate from your production servers, correct? :) ). One certificate, many hosts and domain names.
Wildcard SSL Certificate can secure only first level sub-domains of the common name (CN), so when the certificate issued for *.example-private.com it can secure the root domain and it's all first level sub-domains as below.
To secure second level sub-domains as *.staging.example-private.com, you have two options.
1. Purchase another wildcard certificate:
Your administrator needs to purchase the different certificates for each one and manage all certificates configuration, renewal, expiry, and installation.
2. Purchase Multi-Domain wildcard certificate:
This product allows you to secure up to 100 websites and its unlimited sub-domains with a single certificate. You need to set *.example-private.com as your primary domain name and add another domain names in the SAN field.
For Example:
For more information about how multi-domain wildcard certificate works, you can refer this link - https://www.ssl2buy.com/comodo-multi-domain-wildcard-ssl.php
For instance,
example.com, www.example.com, blog.example.com,could all be secured using the same wildcard SSL as they all use the same primary domain. However,billing.yoursitesdomain.comcould not be used with this certificate, as it is using a different primary domain.one thing more
LE supports "SAN"certificates where you need to specify every domain. There's no wildcards. for more detail see this LetsEncrypt Subdomain wildcardone thing more
this thread says Ideally, our staging sites (*.our-agency-staging-domain.com) would all share the same self-signed SSL certificate. That would allow us to:
Automatically make HTTPS available for all staging sites
Avoid the cost and time overhead of purchasing 2 or 3 certs for each project
Deliver a better experience to our developers
another good link
You might have misinterpreted the function of Wildcard certificate. Wildcard SSL Certificate issued on *.example-private.com will only secure single level, for example;
Now if you want to secure second level sub-domains, you should go with Multi-Domain Wildcard certificate. This certificate will secure domains as under:
I suggest you to browse this article to know more how Wildcard SSL can be helpful to secure sub-domains.