Wildcard Certificates

Thawte Wildcard Certificates

A Wildcard Certificate conveniently allows you to secure multiple sub domains on one domain on the same server using *.domain.com pattern for the common name.

The Thawte Wildcard Certificate offers comprehensive authentication procedures (domain name and identity verification). It also offers 256, 128, 56 or 40-bit encryption depending on your client's browser capability and the cipher suite installed on your web server. This ensures that information is kept private between your web server and your clients' web browsers.

Certificate Features and Benefits:

Is this the right product for my business?

The Certificate allows you to manage multiple sub domains on a single domain on a single server with a single Certificate. Moving this environment from multiple certificates to a single certificate significantly reduces management time and all associated costs.

Authentication procedures standard with a Thawte Wildcard Certificate.

• Company registration details are confirmed
• Confirmation that the domain is owned by said registered company, or that the company has the right to make changes to the domain.
• 3rd party confirms that the authorized person requesting certificate is employed by requesting party.

Technical details:

What does a wildcard do?

This product is a Web Server certificate that conveniently allows you to secure multiple sub domains on one domain on the same server using *.domain.com pattern for the common name. The ‘*’ is a special symbol that stands for one or more characters. This means that you can secure many different sub domains with one Wildcard Certificate, such as customer.domain.com or supplier.domain.com or anything.domain.com etc. Many operating systems and applications support wildcards for identifying files and directories. This enables you to select multiple sub domains with a single specification.

What is a subdomain?

A sub domain is also called a child domain, a domain that is part of a larger domain name in a DNS hierarchy. For example, in the domain name customer.Thawte.com, "customer" is a sub domain of the larger second-level domain "Thawte.com."

256-bit SSL encryption

Thawte’s Wildcard certificates are capable of providing 256-bit encryption – the current industry standard.

With Thawte, you are dealing with a “root” certification authority.

This means that Thawte is not reliant on another entity’s root infrastructure to deliver trusted SSL certificates to its customers.

Certificate Signing Request (CSR) File

The process of applying for a Thawte signed digital certificate begins with the generation and submission of a Certificate Signing Request (CSR) file. Thawte then verifies your identity, and when satisfied, signs that request file, using the trusted Thawte CA root key, and issues it to you as your certificate.

Securing a 2 or 3 letter domain names

Unfortunately, it is not possible to secure a 2 letter domain name (ex. *.ue.com) or a 3 letter domain name (ex. *.you.com). You will be required to add 2 additional characters to the common name when generating the csr for a 2 letter domain name (ex. *.uexx.com) and 1 additional character for a 3 letter domain name (*.youx.com). Once the order is in our system, our Customer Services department will remove these additional characters and issue it to the correct domain name.

Securing the base domain name

When you enroll for a Wildcard certificate it gets issued to *.yourdomain.com, and because all SSL certificates are tied to the exact fully qualified domain name, you will not be able to secure the base domain name, which in this example will be yourdomain.com. In order to secure the base domain name, yourdomain.com, you will be required to purchase an additional certificate.

Valid certificate

When we issue your certificate it will contain two critical pieces of information. The first is the "Distinguished Name", which is a set of values that describes your country, state or province, city or town, organization, division within that organization and your web server domain name. The second is your public key.

Secure Internationalized Domains:

Thawte now provides SSL certificates to customers who use Internationalized Domain Names – the first Certification Authority to offer this. Internationalized Domain Names (IDNs) provide a convenient mechanism for users to access websites in their preferred language.

Thawte's systems are now able to recognize and issue certificates that contain local language characters in all certificate fields.

What this means is that you can now buy an SSL123 Certificate, an SSL Web Server Certificate or an SGC SuperCert to secure the website you have hosted on an Internationalized Domain Name.

Not only will your secured Internationalized Domain content be reflected in the certificate details, but your Thawte Trusted Site Seal will also reflect your local language content. Thawte systems are also fully internationalized across all certificate enrollment details including Code Signing Certificate product lines.

Online Certificate Status Protocol:

A major software vendor has released a beta version of their browser that will have automatic certificate revocation checking as a default option

This new checking protocol will maximize the speed of checking the status of Thawte certificates and will minimize the possibilities of online fraud as invalid certificates and companies will immediately be exposed to the end customer

Thawte has invested significantly in the infrastructure which can support OCSP - something not all CAs will be able to provide and support.