On the surface, wildcard certificates appear to be a great way to quickly and easily deploy HTTPS across subdomains. You buy one certificate and you’re good to go for unlimited subdomains. Indeed, wildcard certificates are cheaper and easier to extend. But they are not necessarily easier to manage. If you ever need to replace your domain wildcard with a more secure EV certificate, you could face a mess of subdomains to find and fix. But the most pressing reason to avoid wildcards is that they are simply less secure and can open the door to phishing attacks.
Can you scan your network for wildcard certificates?
To fully comprehend why they are less secure, you must first understand a bit about the nature of wildcard certificates. A wildcard certificate is a public key certificate used by all subdomains within a larger domain. Using a wildcard certificate on a publicly facing webserver, you can quickly secure unlimited subdomains that are all encrypted by the same certificate. Unfortunately, so can cybercriminals.
If cyber criminals infiltrate your domain, they can gain privileges that allow them to create unlimited domains—all encrypted by your wildcard certificate. Even worse, these subdomains will appear to be valid because they are authenticated by your wildcard certificate. These illegitimate subdomains allow cyber criminals to host malicious websites that they can then use in phishing campaigns.
How does this work? Any subdomain created for the domain on a webserver that uses a wildcard certificate will use the same certificate. For example, a webserver with a wildcard certificate is hosting the domain https://example.com. Anyone with access to the webserver can set up a subdomain, https://phishing.example.com, on the webserver using the wildcard certificate.
Visitors to the phishing site are not likely to realize that they are on the phishing site because their browsers establish an HTTPS connection using the legitimate wildcard certificate. All these visitors often see is the green highlighted part of the URL which signals a valid site. Most visitors are not likely to scroll through the entire URL to discover the part of the URL which would arouse suspicion about its validity.
The bottom line is that no one wants their organization’s name associated with a phishing attack. It tarnishes your reputation as well as the reliability of your brand. So, you need to make it as hard as possible for cyber criminals to infiltrate your domains and manipulate your encryption. Yes, there is increased burden issuing and maintaining server or application specific certificates but with the right certificate management platform you can both reduce risk and increase awareness through automation and intelligence.
So, it just makes sense to avoid using wildcard certificates on production systems. Instead, you should use subdomain-specific certificates that are rotated often. A compromised wildcard certificate can lead to serious repercussions. But you can avoid (or at least significantly mitigate) the potential impact of an attack by using short-lived, non-wildcard certificates.
Do you use any wildcard certificates on your domains?