Order a wildcard SSL certificate

Use these instructions to order a Secure Site Wildcard SSL or Wildcard SSL Certificate.

After submitting your order to DigiCert, you will need to complete domain validation for the domain on the order (demonstrate control over the domain) before we can issue your certificate. See Prove control over domains on your SSL certificate order.

In the sidebar menu of your CertCentral account, hover over Request a Certificate and then select the certificate you want to order.

  • Under Business SSL Certificates, click Secure Site Wildcard SSL.
  • Under Basic SSL Certificates, click Wildcard SSL.

Add your CSR

We use information included in your CSR to populate corresponding values in the order form: Common Name, Other Hostnames (SANs), Organization Unit, and Organization. If any of this information is not included in the CSR, the field in the form is left blank

To remain secure, certificates must use at least a 2048-bit key size. For more information and instructions about creating a CSR, see Create a CSR (Certificate Signing Request).

Add your CSR before you start filling out the order form. Adding the CSR after will overwrite or delete information from the specified fields in the form (such as the Organization Unit field).

On the Request "Certificate Name" page, under Certificate Settings, in the Add Your CSR box, use one of these options to add your CSR:

  • Upload your CSR
    Click the Click to upload a CSR link to browse for, select, and open your CSR file.
  • Paste your CSR
    Use a text editor to open your CSR file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags and paste it in to the Add Your CSR box.

Common Name

After adding your CSR, we populate the Common Name with the common name from the CSR.

Make sure to format the common name correctly (*.example.com).

To add the common name yourself, use one of these options:

  • Add a recently created domain
    Under Common Name, expand Show Recently Created Domains and select one of the available domains.
    Because you are ordering a wildcard certificate, make sure to format the common name correctly (*.example.com).
    When selecting a recently created domain, you will need to check and see if the domain validation (demonstrate control over the domain) has been completed. Domain validation must be completed before we can issue your certificate. See Prove control over domains on your SSL certificate order.
  • Add a new domain
    Under Common Name, in the Common Name box, type the domain that you want to secure.
    When adding a new domain, you will need to complete domain validation (demonstrate control over the domain) before we can issue your certificate. See Prove control over domains on your SSL certificate order.
    Because you are ordering a wildcard certificate, make sure to format the common name as a wildcard (*.example.com).

Other Hostnames (SANs)

After adding your CSR, we populate the Other Hostnames (SANs) box with the SANs included in the CSR. You can still remove or add additional SANs as needed.

Single wildcard domain certificate

In the Other Hostnames (SANs) box, enter the subdomain(s) that you want your Wildcard Certificate to secure. Note that the SANs names must be a subdomain of the specified common name. For example, if *.yourdomain.com is the common name, you can use www.yourdomain.com, www.app.yourdomain.com, and mail.yourdomain.com as SANs.

Multiple-wildcard-domain certificate

Adding wildcard domains (*.yourdomain.com, *.anotherdomain.com, etc.) increases the cost of the certificate.

In the Other Hostnames (SANs) box, enter the wildcard domains and subdomains that you want to secure. The SANs must be a wildcard domain (for example, *.yourdomain.com) or based off your listed wildcard domains. For example, if one of your wildcard domains is *.yourdomain.com, then you can add the SANs www.yourdomain.com or www.app.yourdomain.com to your certificate order.

Subdomain Note:

By default, Wildcard Certificates only secure a specific subdomain level. If your certificate is for *.yourdomain.com, it will secure subdomains of the same level automatically, which means under most circumstances you don’t need to enter in secure.yourdomain.com to use the certificate for that FQDN.

To secure subdomains on different levels (e.g., test.secure.yourdomain.com and six.test.secure.yourdomain.com) request a duplicate certificate. Since these subdomains are not on the same level as the wildcard (*) character, you must manually add them as SANs to the certificate. Requesting multiple duplicate certificates allows you to secure additional subdomains without invalidating the previous certificates.

Validity Period

Select a validity period for the certificate: 1 year, 2 years, Custom expiration date, or Custom length.

Custom validity periods

Certificate pricing is prorated to match the custom certificate length.

Certificate validity can't exceed the industry allowed maximum lifecycle period for the certificate. For example, you can't set a 900-day validity period for a certificate.

Additional Certificate Options

Expand Additional Certificate Options and provide this information as needed (some information is required; other information is optional):

Signature Hash

Heading block

In the drop-down list, select a signature hash.

Server Platform

In the drop-down list, select the server on which the CSR was generated.

Organization Unit(s)

You can leave this box blank. Adding an organization unit (OU) for which the certificate and domain will be used is not required. However, if you include OUs in your order, DigiCert will need to validate them before we can issue your certificate.

If your CSR includes an OU, we populate the Organization Unit box in the order form with that OU information. If you want to use a different OU than the one included in your CSR, click the delete icon (trash can) and add a different one.

To add the OU yourself, in the Organization Unit box, enter the OU.

Auto-Renew

To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.

With auto renew enabled, a new certificate order will be automatically submitted when this order nears its expiration date. If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 825 days – approximately 27 months).

Auto Renew can't be used with credit card payments. To automatically renew a certificate, the order must be charged to account balance. You can configure the finance settings for your account on the Finance Settings page (in the sidebar menu, click Finances > Settings).

Organization

To add an organization, click Add Organization and complete one of the options below.

Option 1: Add an existing organization

If your CSR includes an organization currently used in your account, we populate the Organization card in the order form with the organization information. If you want to use a different organization than the one included in your CSR, click the delete icon (trash can) and add a different one.

  1. In the Add Organization window, select Existing Organization.

  2. To see only a list of fully validated organizations, check Hide non-validated organizations.

  3. Select one of the available organizations.
    If have more than nine organizations in your account, use the Organization drop-down list to select an organization.

  4. Click Add.

Option 2: Add a new organization

When adding a new organization, we will need to validate the organization before we can issue your certificate. Also, when you add a new organization, you, the requestor, becomes the organization contact for the newly added organization.

  1. In the Add Organization window, select New Organization.

  2. Add these organization details:

    1. Legal Name
      Enter the organization's legally registered name.
    2. Assumed Name
      Does your organization have a DBA name (doing business as name) that you want to appear on the certificate?
      Yes – Enter it here
      No – Leave this box blank.
    3. Country
      In the drop-down list, select the country where the organization is legally located.
    4. Address 1 and Address 2
      Enter the address where the organization is legally located.
    5. City
      Enter the city where the organization is legally located.
    6. State / Province / Territory/ Region / County
      Enter the state, province, territory, region, or county where the organization is legally located.
    7. Zip / Postal Code
      Enter the zip or postal code for the organization’s location.
    8. Organization Phone Number
      Enter a phone number at which the organization can be contacted.
  3. When you are finished, click Add.

Additional Order Options

Expand Additional Order Options and enter the information below as needed. None of this information is required.

Comments to Administrator

Enter any information that your administrator might need for approving your request, about the purpose of the certificate, etc.

These comments are not included in the certificate.

Order Specific Renewal Message:

To create a renewal message for this certificate right now, type a renewal message with information that might be relevant to the certificate’s renewal.

Additional Emails

In the box, enter the email addresses (comma separated) for the people you want to receive the certificate notification emails, such as certificate issuance, duplicate certificate, certificate renewals, etc.

The recipients cannot manage the order, just receive certificate related emails.

Payment Information

Under Payment Information, use one of these payment options to pay for the certificate.

Bill to account balance

Select Bill to account balance to use the funds from your account balance.

If you need to deposit funds before continuing with the certificate order, click the Deposit link. You can't deposit funds in your CertCentral account until you enable the account balance payment method. See Activate the account balance payment method in your account.

Bill to credit card

Select Bill to credit card, then use one of the options below.

Use One of the Credit Cards Listed

Under Selected Card, select one of the available cards.

Add a Different Credit Card

  1. Under Selected Card, select Another Credit Card.

  2. Under Credit Card Details, type your credit card information (i.e., card number, etc.).

Then, under Billing Information, use one of the following to add the billing contact information.

Use account’s billing contact information

To use your account’s billing contacts information for the credit card, check the Same as billing contact for this account box.

Add your billing information

  1. Type your billing information (i.e., Name on card, Country, etc.).

  2. Under Credit Card Options, save or don't save your credit card information:
    Do Not Save the Credit Card
    Uncheck Save this credit card.
    The credit card will not be added to your account. If you want to use the credit card again, you will need to reenter its information in your account.
    Save the Credit Card
    To Save the Credit Card do 1 or more of the tasks below.

    1. Check Save this credit card.
    2. (Optional) Under Card Name, type a name for the credit card that will be helpful when using or identifying the card (i.e., Pay Account Balance).
      Note: If no name is provided, the card name defaults to the card type and last four digits of the card number (i.e., AMEX ####).
    3. (Optional) If you want to use this credit card as the default credit card for your account, check Set this as the default credit card.
      Note: This option does not appear when adding your first credit card. The first credit card added to your account is automatically set as the default credit card.

Complete order

  1. Under Certificate Services Agreement, read through the agreement, making sure you understand it and then, check I agree to the Certificate Services Agreement above.

  2. When you are finished, click Submit Certificate Request.

  3. On the Certificate Orders page (Certificates > Orders), your certificate should be listed with the status of Pending.

Demonstrate control over the domains on your order

After submitting your order to DigiCert, you will need to complete domain validation for the domain on the order (demonstrate control over the domain) before we can issue your certificate. See Prove control over domains on your SSL certificate order.