This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 27%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
Can I use a wildcard certificate ( *.bakertilly.global) to SSL protect a subdomain for a URL ( http://independence-test.bakertilly.global ) or must i use an explicit certificate that matches the URL of the website in Azure?
I am assuming the service you are talking about is the Azure App Service as you have tagged your post with webapps. Wildcard certificates are supported here but you have to purchase/bring your own certificate, the free managed certificate for this service is not a wildcard certificate.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Yes you can. We do. From a security standpoint you should have a single cert per domain. This prevents a malicious user from creating a subdomain and using your cert but given that subdomains shouldn't be hostable without proper checking this ideally shouldn't be an issue. However if you have a lot of sites then this can be expensive and hence the wildcard might be a more cost effective approach.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more