3 Common Wildcard Certificate Risks You Should Know About

SSL/TLS certificates issued by trusted Certificate Authorities (CAs), either public or private, are used to authenticate a single domain in public facing websites. Organizations with a handful of public domains and subdomains would have to issue and manage an equal number of digital certificates, increasing the complexity of certificate lifecycle management. The good news is that there is a solution to bypass this burden.

Wildcard certificates promise simplicity, but are they the solution to all our prayers?

Let’s start with a definition. Simply put, a wildcard certificate is a public key certificate that can be used on multiple subdomains. For example, a wildcard certificate issued for https://*.examplecompany.com could be used to secure all subdomains, such as:

• blog.examplecompany.com
• mobile.examplecompany.com

Here comes the obvious benefit of using wildcard certificates: with a single digital certificate, I can secure and authenticate all my public facing subdomains, avoiding the hassle of managing multiple certificates. Instead of purchasing separate certificates for my subdomains, I can use a single wildcard cert for all domains and subdomains across multiple servers.

However, wildcard certificates cover only one level of subdomains since the asterisk does nοt match full stops. In this case, the domain resources.blog.keyfactor.com would not be valid for the certificate. Neither is the naked domain keyfactor.com covered, which will have to be included as a separate Subject Alternate Name.

SSL wildcard certificates can be very helpful for organizations seeking to secure a number of subdomains, while looking for flexibility. The key strengths of wildcard certificates are:

• Secure unlimited subdomains: A single wildcard SSL certificate can cover as many subdomains as you want, without having to install a separate certificate for each subdomain.
• Ease of certificate management: Deploying and managing effectively individual SSL certificates to secure an increasing number of public facing domains, cloud workloads and devices is a daunting task. Wildcard certificates make the management of certificates a piece of cake.
• Cost savings: Although the cost of issuing a wildcard certificate is higher than a regular SSL certificate, it is a cost-effective option especially if you consider the total cost required to secure all your subdomains by their own certificate.
• Flexible and fast implementations: Wildcard certificates are the perfect option to launch new sites on new subdomains, which can be covered by your existing certificate. There is no need to wait for a new SSL certificate to be issued, saving you time and expediting time to market.

Wildcard certificates are used to cover all listed domains with the same private key making it easier to manage. Despite the benefits, the use of wildcard certificates creates significant security risks since the same private key is used across dispersed systems, increasing the risk of an organization-wide compromise.

If the private key of an ordinary SSL certificate is compromised, only the connections to the individual server listed in the certificate are affected and the damage is easy to be mitigated. On the other hand, the private key of a wildcard certificate is a single point of a total compromise. If that key is compromised, all secure connections to all servers and subdomains listed in the certificate will be compromised.

The above point, raises another one problem: How do you effectively and securely manage that private key across so many distributed servers and teams? Practice has shown that stolen or otherwise mishandled private keys is a root cause for masquerading attackers’ footprints and look like legitimate. Gaining access to a wildcard certificate’s private key provides attackers with the ability to impersonate any domain covered by the wildcard certificate. In addition, cybercriminals can leverage a compromised server to host malicious sites for phishing campaigns. It only takes one server to be compromised and all the others will be vulnerable.

If the wildcard certificate is revoked, the private key will need to be updated on all servers that use that certificate will need to be updated. And this update will have to take place at one time to avoid disrupting the smooth flow of data. The same applies when the wildcard certificate expires. Updating revoked or nearly expired wildcard certificates results in significant work, which can be even harder depending on the geographic distribution of the covered servers and the level of visibility you have on your infrastructure. If the wildcard certificate is not renewed in time, you could face a significant outage, disrupting business continuity.

Before planning on whether to use wildcard certificates or not, you should define the objectives to be met by deploying these certificates. Wildcard certificates can have a valid use case in a few limited circumstances.

On the other hand, you should never use wildcard certificates on production systems. Instead, you should opt for domain-specific certificates that are rotated often. A compromised wildcard certificate can have serious implications which can be mitigated by using short-lived SSL/TLS certificates.

Whether you are using wildcard certificates or not, you will need to ensure that you have visibility into every certificate your organization possesses and establish processes to renew or replace them. Except for limiting the use of wildcard certificates in your organization, here is what you must do to ensure an effective certificate lifecycle management:

• Keep an accurate and up-to-date inventory of certificates in your environment, documenting key length, hash algorithm, expiry, locations, and the certificate owner.
• Ensure that private keys are stored and protected according to industry’s best practices (i.e., using a certified HSM).
•  Automate certificate renewal, revocation, and provisioning processes to prevent unexpected expirations and outages.

Certificate lifecycle automation tools like Keyfactor Command are built to address these challenges. The rapid growth in the number of keys and certificates in organizations has rendered manual and homegrown methods obsolete. But before you go out and shop around for a certificate management platform, make sure you have documented your requirements and that the candidate platform is the solution to your needs.

Get a quick overview of how Keyfactor enables visibility, agility, and control over your keys and certificates.