12

Let's say I'm using AWS Certificate Manager to get a certificate for example.com for use with AWS CloudFront. I can specify an alternate domain of www.example.com and point it to another CloudFront distribution in my DNS.

But AWS Certificate Manager also allows me to specify a wildcard *.example.com as an alternate domain, which would allow me in the future to set my DNS to route blog.example.com to yet another CloudFront distribution if I decided I needed that.

Is there any downside to adding a wildcard domain such as *.example.com to the AWS Certificate Manager? Does it cost more? Does it make my configuration inflexible in some way? Why wouldn't I want to always specify a wildcard *.example.com as an alternate domain, as this gives me flexibility to add a subdomain in the future whenever I want to?

Garret Wilson

1 Answer

11

The upside is that it's very flexible. A wildcard cert allows you to add alternate domains in the future. The "normal" downsides to a star cert in general are that they can be expensive and they create the potential for a security vulnerability.

For your use case they are not expensive at all; AWS Certificate Manager is free:

Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

Regarding the security vulnerability, it's really an issue when you're loading a star cert onto a server. Since the ACM certificate is managed internally and used on an AWS service, it's far less vulnerable.

You cannot install public ACM certificates directly on your website or application. You must install your certificate by using one of the services integrated with ACM and ACM PCA

I've included a couple of references providing more details about wildcard cert vulnerabilities.

References

Certificate Manager Pricing

ACM Overview

Wildcard Certificates Make Encryption Easier but Less Secure

What Vulnerabilities Could Be Caused by a Wildcard SSL Cert

kenlukas
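An added example, not part of the question or the answer above: which hostnames each choice of certificate names from the question actually covers. It assumes the usual wildcard rule, which ACM also follows (the `*` must be the leftmost label, matches exactly one label, and does not cover the apex domain); the function names are hypothetical and the host list is constructed.

```python
# Added example: name coverage for the certificate choices in the question.
# Rule assumed: "*" is honoured only as the whole leftmost label and stands
# for exactly one label, so it covers neither the apex nor deeper subdomains.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single certificate name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more or fewer labels
    if p_labels[0] == "*":
        # wildcard label must stand for a non-empty label; the rest is literal
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covered_by(cert_names, hostname):
    """Return the certificate names that cover hostname (empty list = none)."""
    return [n for n in cert_names if name_matches(n, hostname)]


# Constructed sample data, using the names from the question.
APEX_AND_WWW = ["example.com", "www.example.com"]
APEX_AND_WILDCARD = ["example.com", "*.example.com"]
WILDCARD_ONLY = ["*.example.com"]

HOSTS = ["example.com", "www.example.com", "blog.example.com",
         "dev.blog.example.com", "example.org"]


def coverage_table(cert_names, hosts=HOSTS):
    """Map each hostname to whether the certificate is valid for it."""
    return {h: bool(covered_by(cert_names, h)) for h in hosts}


if __name__ == "__main__":
    for label, names in [("apex + www", APEX_AND_WWW),
                         ("apex + wildcard", APEX_AND_WILDCARD),
                         ("wildcard only", WILDCARD_ONLY)]:
        print(label)
        for host, ok in coverage_table(names).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

The same table reads as the exposure of the certificate's private key: every hostname marked covered is one that key can serve, which is the concern the answer describes for a wildcard certificate installed on a server.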