SSL Wildcard Certificates

This document explains what a wildcard certificate is and the advantages and disadvantages of using this type of certificate, followed by the terms of service under which we issue one.

What is a wildcard certificate?

Primary Advantage

Disadvantages

Wildcard Certificates Terms of Service

  1. Wildcard certificates will not be issued for second-level domains that we administer, e.g. wisc.edu, wisconsin.edu, etc.
  2. Wildcard certificates should not be used for systems that store or access restricted data.
  3. Wildcard certificates will be limited to a validity period of 2 years.
  4. Renewal requests for an expired wildcard certificate must be created with a new key pair; the previous private key must not be reused.
  5. Where possible, wildcard certificates should not be used when fewer than 10 fully qualified domain names are needed. A multi-domain SSL certificate should be considered in these cases.
  6. The requestor/owner of a wildcard certificate asserts that suitable administrative, technical and physical safeguards are in place to protect the private key, and also agrees:
    • To track the following information about the wildcard certificate and its keys:
      • Servers (and their location) where the private key is stored
      • Other locations where the private key is stored, e.g. backups
      • People and applications with access to the private key
    • To revoke and reissue the wildcard certificate with new key material if a known compromise occurs of any server holding the private key of the wildcard certificate.
  7. The Chief Information Security Manager (CISM) must approve exceptions to these guidelines.
  8. Delegated departmental/division SSL administrators agree to follow the same guidelines for issuing wildcard certificates.
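The decision points in items 1, 3 and 5 above (no wildcards on administered second-level domains, a two-year validity cap, and a multi-domain certificate when fewer than 10 names are involved) can be checked mechanically before a request is submitted. The script below is an added example written for this page; it is not part of the original policy and is not a campus tool. It also applies the rule that decides whether a single wildcard can cover a list of names at all: a wildcard label matches exactly one DNS label (RFC 6125), so *.wisc.edu covers www.wisc.edu but not wisc.edu itself or www.cs.wisc.edu. The list of administered domains, the cs.wisc.edu hostnames and the dates are constructed for illustration.

```python
"""Check a proposed wildcard certificate request against the terms of service.

Added example for this page, not the campus's own code.  ADMINISTERED_SLDS,
the thresholds and the hostnames used in the demo are constructed assumptions
taken from the policy text, not from any real issuance system.
"""
from datetime import date

# Second-level domains the CA administers (constructed list; the policy names
# wisc.edu and wisconsin.edu as examples).
ADMINISTERED_SLDS = {"wisc.edu", "wisconsin.edu"}
MIN_NAMES_FOR_WILDCARD = 10       # item 5: prefer multi-domain below this
MAX_VALIDITY_DAYS = 2 * 365 + 1   # item 3: two years, allowing for a leap day


def wildcard_matches(pattern: str, fqdn: str) -> bool:
    """RFC 6125 style matching: '*' must be the entire left-most label and it
    matches exactly one label.  *.wisc.edu matches www.wisc.edu but neither
    wisc.edu nor www.cs.wisc.edu."""
    pattern = pattern.lower().rstrip(".")
    fqdn = fqdn.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == fqdn
    suffix = pattern[1:]                  # ".wisc.edu"
    if not fqdn.endswith(suffix):
        return False
    leftmost = fqdn[: -len(suffix)]       # the label the '*' would stand for
    return leftmost != "" and "." not in leftmost and "*" not in leftmost


def covering_wildcard(fqdns):
    """Return the one wildcard pattern that covers every name, or None when no
    single wildcard can (names sit under different parents or at different
    depths)."""
    parents = {f.lower().rstrip(".").split(".", 1)[1] for f in fqdns if "." in f}
    if len(parents) != 1:
        return None
    pattern = "*." + parents.pop()
    return pattern if all(wildcard_matches(pattern, f) for f in fqdns) else None


def evaluate_request(fqdns, not_before: date, not_after: date):
    """Apply items 1, 3 and 5 to a proposed wildcard request.

    Returns (decision, reasons); decision is 'wildcard', 'multi-domain' or
    'reject'.  'multi-domain' means a SAN certificate listing the names is the
    right choice, either because no single wildcard covers them or because the
    request is below the 10-name threshold."""
    reasons = []
    names = sorted({f.lower().rstrip(".") for f in fqdns})
    pattern = covering_wildcard(names)
    if pattern is None:
        reasons.append("names are not all exactly one label under one parent; "
                       "a single wildcard cannot cover them")
        return "multi-domain", reasons
    parent = pattern[2:]
    if parent in ADMINISTERED_SLDS:
        reasons.append(f"{pattern} would be a wildcard on administered "
                       f"second-level domain {parent} (item 1)")
        return "reject", reasons
    if (not_after - not_before).days > MAX_VALIDITY_DAYS:
        reasons.append("requested validity exceeds 2 years (item 3)")
        return "reject", reasons
    if len(names) < MIN_NAMES_FOR_WILDCARD:
        reasons.append(f"only {len(names)} names; multi-domain certificate "
                       f"preferred below {MIN_NAMES_FOR_WILDCARD} (item 5)")
        return "multi-domain", reasons
    reasons.append(f"{pattern} covers all {len(names)} names")
    return "wildcard", reasons


if __name__ == "__main__":
    # Constructed demo: twelve hosts under a departmental subdomain.
    hosts = [f"host{i}.cs.wisc.edu" for i in range(12)]
    for request in (hosts, hosts[:3], ["www.wisc.edu", "mail.wisc.edu"],
                    ["www.cs.wisc.edu", "a.b.cs.wisc.edu"]):
        decision, why = evaluate_request(request, date(2024, 1, 1), date(2026, 1, 1))
        print(f"{decision:12s} {'; '.join(why)}")
```

The single-label rule is the part practitioners most often get wrong: a departmental wildcard for *.cs.wisc.edu does nothing for a host two labels deeper, so a list that mixes depths is a multi-domain case regardless of how many names it contains.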