
Valued for their simplicity and cost-effectiveness, Wildcard certificates provide a quick way to secure a large number of services. Yet, behind this apparent ease of use lie major availability and security challenges. These issues have become critical as certificate lifespans continue to shrink.
Wildcard certificate: simple, effective, but structurally risky
A Wildcard certificate (e.g., *.domain.com) allows you to secure all first-level subdomains of a domain with a single certificate. In practice, the same certificate can be used for a website, an API, a customer portal, or an internal service, without the need to manage multiple requests or renewals.
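The "first-level subdomains only" rule is what decides which services one Wildcard can actually front. The following added example (not code from the original article or from BerryCert) implements the whole-label matching that browsers apply: the `*` stands for exactly one DNS label in the leftmost position, so `*.example.com` covers `api.example.com` but neither `example.com` itself nor `a.b.example.com`. The hostnames are constructed for illustration.

```python
"""Which hostnames does a Wildcard certificate actually cover?

RFC 6125 section 6.4.3 and browser practice: '*' matches exactly one DNS
label, only as the entire leftmost label. Everything else is an exact match.
"""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match of a presented identifier against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Wildcard accepted only as the whole leftmost label, under at least two
    # more labels (rejects "*.com"-style patterns) and nowhere else.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lab for lab in p_labels[1:]):
        return False
    # Exactly one label may stand in for '*': same label count, non-empty
    # leftmost label, and everything to the right identical.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def covered(pattern: str, hostnames) -> list:
    """Subset of hostnames (in input order) that the certificate name covers."""
    return [h for h in hostnames if hostname_matches(pattern, h)]


if __name__ == "__main__":
    # Constructed sample names.
    names = ["www.example.com", "api.example.com", "example.com", "x.y.example.com"]
    print(covered("*.example.com", names))
```

Note that the apex name and any second-level host (`x.y.example.com`) fall outside the Wildcard; in practice they either need a SAN entry on the same certificate or a separate one.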
That’s why Wildcard certificates remain so popular: they reduce the number of certificates to manage, keep costs down, and speed up the rollout of new services. In shared or cloud environments, they are often seen as a pragmatic and fast solution. However, this concentration of resources has a downside.
Wildcard expiration: when everything goes down at once
A Wildcard certificate is typically shared across multiple applications and instances. When it expires, it’s not just one service that goes dark, but several, simultaneously.
With the progressive reduction of certificate lifespans—soon to be measured in weeks rather than months—the risk increases mechanically. Forgetting a renewal is no longer just a minor technical glitch; it results in a large-scale service interruption, immediately visible to both users and business units.
For a CIO or CISO, the stakes go far beyond technicalities: it’s about business continuity, brand image, and trust in the information system.
An expanded attack surface
The second risk, which is often less visible, concerns the private key associated with the Wildcard certificate. This key is copied onto every server that uses the certificate. If even one of those servers is compromised, the attacker can retrieve the private key. From then on, the traffic of every other service using the certificate is no longer protected, and the attacker can use the key to impersonate any name the certificate covers.
In other words, a local compromise can have global consequences. This is a major point of concern in a Zero Trust context, where the goal is specifically to limit lateral movement and segment risks.
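Both risks above, a single expiry taking several services down and a single compromised host exposing every other service, come from the same fact: one certificate and one key deployed in many places. The added example below (not the article's or BerryCert's code) takes a constructed CLM-style inventory, groups it by certificate fingerprint and reports the two blast radii: which services expire together within a given window, and which services an attacker could impersonate after obtaining the key from one host. Hostnames, fingerprints and dates are made up.

```python
"""Blast radius of a shared Wildcard certificate across an inventory.

Grouping deployments by certificate fingerprint answers two questions:
  - expiry:      which services go dark together when this cert lapses?
  - key theft:   which services does one stolen private key let an attacker impersonate?
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed inventory. Four instances share the Wildcard whose fingerprint
# is "AA11"; the mail host has its own dedicated certificate "BB22".
INVENTORY = [
    {"host": "web-01", "service": "www.example.com",    "fingerprint": "AA11", "not_after": "2025-07-01T00:00:00Z"},
    {"host": "web-02", "service": "www.example.com",    "fingerprint": "AA11", "not_after": "2025-07-01T00:00:00Z"},
    {"host": "api-01", "service": "api.example.com",    "fingerprint": "AA11", "not_after": "2025-07-01T00:00:00Z"},
    {"host": "portal", "service": "portal.example.com", "fingerprint": "AA11", "not_after": "2025-07-01T00:00:00Z"},
    {"host": "mail",   "service": "mail.example.com",   "fingerprint": "BB22", "not_after": "2025-09-15T00:00:00Z"},
]


def parse_ts(value: str) -> datetime:
    """Parse the inventory's UTC timestamps."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def group_by_certificate(inventory=INVENTORY) -> dict:
    """fingerprint -> deployments that share this certificate (and thus its key)."""
    groups = defaultdict(list)
    for entry in inventory:
        groups[entry["fingerprint"]].append(entry)
    return dict(groups)


def expiring_soon(now_iso: str, within_days: int = 14, inventory=INVENTORY) -> dict:
    """fingerprint -> sorted services that all go down when it expires within the window."""
    horizon = parse_ts(now_iso) + timedelta(days=within_days)
    report = {}
    for fp, entries in group_by_certificate(inventory).items():
        not_after = min(parse_ts(e["not_after"]) for e in entries)
        if not_after <= horizon:
            report[fp] = sorted({e["service"] for e in entries})
    return report


def key_compromise_radius(compromised_host: str, inventory=INVENTORY) -> list:
    """Services an attacker could impersonate with the key(s) found on one host."""
    fps = {e["fingerprint"] for e in inventory if e["host"] == compromised_host}
    return sorted({e["service"] for e in inventory if e["fingerprint"] in fps})


if __name__ == "__main__":
    print(expiring_soon("2025-06-20T00:00:00Z"))
    print(key_compromise_radius("api-01"))
```

Fed with a real inventory, the same grouping is the list a CLM needs anyway: every fingerprint with more than one entry is both a renewal that must be rolled out to several places and a key whose compromise reaches beyond one host.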
ACME: a major breakthrough, but a partial solution
To address the increasing complexity of certificate management, the ACME protocol has emerged as the industry standard. For Wildcard certificates, ACME relies on the DNS-01 challenge, the only mechanism compatible with this type of certificate. Once this challenge is validated, renewal becomes automatic, predictable, and compliant with security best practices—notably through regular key rotation. ACME thus removes much of the stress associated with expirations. However, ACME does not fully solve a critical issue for multi-instance Wildcards: ensuring that the certificate is correctly deployed and activated everywhere it is used.
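To make the DNS-01 step concrete, here is an added example (not from the article, not BerryCert's code) that computes what the ACME client has to publish: the key authorization is `token "." base64url(JWK thumbprint)` (RFC 8555 section 8.1), the TXT value is the base64url SHA-256 digest of that string (section 8.4), and for a Wildcard identifier the record is placed at `_acme-challenge.` followed by the base domain, the same name as for the apex. The account key below is a placeholder with constructed coordinates, not a real key, and the token is made up.

```python
"""ACME DNS-01 record computation (RFC 8555 sections 8.1 and 8.4, RFC 7638).

Given the CA's token and the account's public key (as a JWK), produce the
TXT record name and value the client must publish before the CA validates.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, lexically ordered, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token || '.' || base64url(thumbprint) -- binds the challenge to the account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record value: base64url(SHA-256(key authorization))."""
    return b64url(hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest())


def dns01_record_name(identifier: str) -> str:
    """A leading '*.' is dropped: the Wildcard challenge lives at the base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


# Constructed placeholder account key (public part only; NOT a valid P-256 point).
EXAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate-placeholder",
    "y": "constructed-y-coordinate-placeholder",
}

if __name__ == "__main__":
    token = "constructed-token-from-ca"  # constructed; the CA supplies the real one
    print(dns01_record_name("*.example.com"), "TXT", dns01_txt_value(token, EXAMPLE_JWK))
```

Two properties matter operationally: the thumbprint ignores any extra JWK members (so `"use"` or `"kid"` do not change it), and the record name for `*.example.com` and for `example.com` is identical, which is why a client ordering both names in one certificate must publish two TXT records at the same name rather than overwrite one with the other.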
Our CLM BerryCert: the intelligent ACME proxy for your IT infrastructure
Certificate Lifecycle Management (CLM) acts as an ACME proxy—a smart intermediary between your IT infrastructure and the Certificate Authority (CA).
In practical terms, the CLM maintains an exhaustive inventory of your assets: it knows exactly where each Wildcard certificate is deployed. When a renewal is required, the CLM initiates the ACME request to the public CA. More importantly, it orchestrates the subsequent operations. Thanks to its connectors and APIs, the CLM automatically deploys the renewed certificate across all instances where it is used, in a consistent, secure, and traceable manner. It ensures that every server is updated and that the relevant services are correctly reloaded. Renewing a Wildcard is no longer an isolated event, but an end-to-end controlled operation integrated into global governance.
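The last step in that orchestration, confirming that every instance really serves the renewed certificate and has reloaded, is what ACME alone does not give you. The added example below (not BerryCert's code, and not a description of its connectors) shows the check itself: for each deployment in the inventory, fetch the leaf certificate the instance presents, fingerprint it, and compare with the renewed certificate's fingerprint. The live probe uses only the Python standard library; the test run uses a constructed fake probe so it works offline. Hostnames and fingerprints are constructed.

```python
"""Post-renewal rollout verification for a certificate deployed on many instances.

ACME renews; it does not confirm that each server picked up the new file and
reloaded. Comparing the fingerprint each instance actually presents against
the renewed certificate's fingerprint catches stale or unreachable instances.
"""
import hashlib
import socket
import ssl
from typing import Callable, List, Optional, Tuple

Deployment = Tuple[str, str]  # (host, service name used for SNI)


def live_probe(host: str, service: str, port: int = 443, timeout: float = 5.0) -> str:
    """SHA-256 fingerprint of the leaf certificate an instance presents for `service`.

    Verification is disabled on purpose: this is an inventory check that must
    still report an expired or wrong certificate instead of failing on it.
    Not exercised offline; provided for real use.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=service) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def verify_rollout(deployments: List[Deployment], expected_fp: str,
                   probe: Callable[[str, str], str] = live_probe):
    """Split deployments into (up_to_date, stale).

    Each entry is (host, service, observed) where observed is the served
    fingerprint, or an 'unreachable: ...' marker when the probe failed.
    """
    up_to_date, stale = [], []
    for host, service in deployments:
        try:
            served = probe(host, service)
        except OSError as exc:  # ssl.SSLError and socket errors are OSError subclasses
            stale.append((host, service, f"unreachable: {exc}"))
            continue
        (up_to_date if served == expected_fp else stale).append((host, service, served))
    return up_to_date, stale


# Constructed data for an offline run: what each instance "serves".
DEPLOYMENTS: List[Deployment] = [
    ("web-01", "www.example.com"),
    ("web-02", "www.example.com"),
    ("api-01", "api.example.com"),
    ("portal", "portal.example.com"),
]
FAKE_SERVED = {
    ("web-01", "www.example.com"): "new-fp",
    ("web-02", "www.example.com"): "old-fp",   # renewed file copied but service never reloaded
    ("api-01", "api.example.com"): "new-fp",
    # "portal" deliberately absent: the probe cannot connect
}


def fake_probe(host: str, service: str) -> str:
    """Constructed stand-in for live_probe."""
    if (host, service) not in FAKE_SERVED:
        raise OSError("connection refused")
    return FAKE_SERVED[(host, service)]


if __name__ == "__main__":
    ok, stale = verify_rollout(DEPLOYMENTS, "new-fp", fake_probe)
    print("up to date:", ok)
    print("needs attention:", stale)
```

The stale list is the actionable output: an instance still presenting the old fingerprint usually means the file was replaced but the service was not reloaded, while an unreachable one needs a human or the orchestrator to look before the old certificate's expiry date, not after.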
While Wildcards were once the default choice for the sake of simplicity, a CLM allows organizations to transition toward Multi-SAN certificates or even dedicated certificates per server or application. These approaches significantly reduce the attack surface by avoiding private key sharing, while remaining compatible with short renewal cycles. Without a CLM, such models are often deemed too complex to operate. With a CLM, they become automated and viable at scale.
