Wildcard SSL

Wildcard SSL Certificates – A Double-Edged Sword

August 24, 2017 | By Comodo SSL

The disadvantages of Wildcard SSL Certificates have been written about widely. But they have been spared by hackers from being exploited chiefly because they are expensive; because hackers are not usually willing to spend too much in getting these digital certificates to make their malicious phishing websites appear legitimate. But this situation is going to change soon.

A Double-Edged Sword

Because Let’s Encrypt, a Certifying Authority which offers DV SSL Certificates for free, is now planning to come out with free wildcard SSL Certificates as well in the year 2018. This is going to change online security drastically. Phishing attacks will rise. Many gullible online users will be deceived. As the disadvantages posed by wildcard SSL Certificates can now be put to the fullest use by hackers – without they having to spend a penny!

Even before these digital certificates make it to the market, many IT security experts are predicting that these certificates will soon become a favorite tool of choice for hackers who so far have restricted themselves to exploiting only DV SSL Certificates.

Free Wildcard Certificates Will Open The Doors For Phishers

One of the major reasons wildcard certificates are dangerous is that these digital certificates usually cover may subdomains. That is, all you have to do is buy a single SSL Certificate which will apply or protect many subdomains that may be available in an enterprise. To be more generic, wildcard certificate serves as the single lock for many doors.

So all hackers have to do is get that get their hands on that one key and they’ll be able to open all the doors. Once they have access to that wildcard certificate, they’ll be able to successfully impersonate every subdomain belonging to a website and thus deceive gullible online users.

How Browsers View Wildcard SSL Certificates

Another reason why wildcard SSL Certificates will be highly favored for hacking is because of how browsers view them. Sub-domain names will not be explicitly visible to these browsers. All the sub-domains will be replaced by an asterisk (*). Here, asterisk (*) stands for all the sub-domains.

So even if there is a suspicious sub-domain created by hackers, its name won’t be visible to the browser. To your browser only asterisk (*) would be visible. Therefore, to your browser, it will appear as a safe, SSL Certified website. While wedged between those sub-domains, could be a fake sub-domain created by hackers intended to deceive online users.

Wildcard SSL Certificates Successfully Evade Certificate Transparency Logs

Certificate Transparency Logs is a list of approved SSL Certificates issued by various CA(s). It can be referred to detect improperly issued certificates and those issued without necessary authorization. However, this method works only if the entire hostname is included in the certificate, which is, unfortunately not the case with wildcard certificates, as the sub-domain names are replaced with an asterisk(*) in them. Another reason for hackers to use free wildcard SSL Certificates for hacking purposes.

Final Words:

While avoiding SSL Wildcard Certificates totally is definitely not a viable option because of the advantages they bring along, the best thing would be to choose them wisely. By wisely, we mean avoiding free SSL wildcard certificates altogether because of the risks they pose. We don’t live in an ‘everything is for free’ world. Good things always cost you. Remember this piece of advice when purchasing SSL Wildcard Certificate for your enterprise.

Compare Types of SSL Certificate

Posted in Wildcard SSL

Be Sociable, Share!

Leave a Comment


* fields are mandatory