1.1.5 Control Key and Certificate Sharing
In PKI, private keys and certificates can be shared among properties. Sharing is not necessarily insecure, but only when it is done in a way that is well understood. For best results, don’t share. Don’t use the same certificate on multiple properties; don’t even put different hostnames on the same certificate. With this approach, each property will be independently secured.
The main issue with sharing is that if one property is compromised, all the others in the same group are compromised with it. There are situations in which this is not a problem. For example, if you have a group of properties that are all managed by the same team and are all part of the same system, sharing is not necessarily bad. On the other hand, multiple teams and multiple distinct properties sharing certificates is always bad.
Wildcard certificates have their place. For example, they are best used by a single property when you need to support an arbitrary number of subdomains, usually one per customer. Avoid them otherwise.
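The sharing rules above can be checked against a certificate inventory. The following is an added example, not part of the original text: the inventory rows, the `team` and `system` ownership labels, the `spki` key-hash values and the function name `audit_sharing` are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (not real data): one row per deployed certificate.
# "spki" stands for a hash of the certificate's public key, "sans" for its
# subject alternative names; "team" and "system" are assumed ownership labels.
INVENTORY = [
    {"host": "shop.example.com", "team": "web", "system": "shop",
     "spki": "aa11", "sans": ["shop.example.com"]},
    {"host": "pay.example.com", "team": "payments", "system": "pay",
     "spki": "aa11", "sans": ["pay.example.com"]},
    {"host": "api1.example.net", "team": "platform", "system": "api",
     "spki": "bb22", "sans": ["api1.example.net", "api2.example.net"]},
    {"host": "api2.example.net", "team": "platform", "system": "api",
     "spki": "bb22", "sans": ["api1.example.net", "api2.example.net"]},
    {"host": "tenants.example.org", "team": "saas", "system": "tenants",
     "spki": "cc33", "sans": ["*.tenants.example.org"]},
    {"host": "blog.example.com", "team": "web", "system": "blog",
     "spki": "dd44", "sans": ["blog.example.com"]},
]


def audit_sharing(inventory):
    """Return sorted (severity, key hash, reason) findings."""
    findings = []
    by_key = defaultdict(list)
    for row in inventory:
        by_key[row["spki"]].append(row)

    for spki, rows in by_key.items():
        hosts = sorted({r["host"] for r in rows})
        owners = {(r["team"], r["system"]) for r in rows}
        sans = {s for r in rows for s in r["sans"]}
        if len(owners) > 1:
            # Distinct teams or systems on one key: compromise of one exposes all.
            findings.append(("high", spki, "key shared across owners: " + ", ".join(hosts)))
        elif len(hosts) > 1:
            findings.append(("review", spki, "key shared within one system: " + ", ".join(hosts)))
        elif len(sans) > 1:
            findings.append(("review", spki, "several hostnames on one certificate"))
        if any(s.startswith("*.") for s in sans):
            findings.append(("review", spki, "wildcard; confirm a single property needs it"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, key, reason in audit_sharing(INVENTORY):
        print(f"{severity:6} {key}  {reason}")
```

Grouping by public-key hash rather than by certificate fingerprint also catches the case where separate certificates were issued for the same private key.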