Although having an SSL certificate can present certain user errors in regards to notification from older browsers certificate-authenticated SSL is considered mandatory by all security guidelines whenever a web site hosts confidential information or performs material transactions.

WildCard Domains:

Unfortunately there has never been a good RFC on how wildcard matching works so the different implementations (SChannel and NSS mainly) are slightly different. However, here's the draft standard which will pin this down:

And here's Microsoft's take on it:

Accepted wildcard examples

  • matches
  • * matches
  • w* matches
  • ww* matches
  • matches www.examPle.cOm

Nonaccepted wildcard examples

  • *
  • *
  • w*
  • * does not match
  • www.e* does not match
  • www.* does not match
  • www.ex*.com does not match
  • www.*.com does not match
  • does not match *.com does not match
  • does not match *
  • does not match *.*
  • example does not match *
  • does not match a*.d*
  • does not match *.*
  • does not match www.*

Basically, a wildcard may appear as the left-most label and it matches exactly one label. So * matches, but not (because that would mean matching zero labels).