 

Is it possible to have a valid sub-subdomain with a wildcard certificate?

Say I have the following domain:

example.com

I have a Wildcard SSL certificate for this domain. Subdomains like test.example.com validate properly. However, when I try to use a domain like demo.test.example.com, I get an error message in all major browsers:

demo.test.example.com uses an invalid security certificate.

The certificate is only valid for the following names:
  *.example.com , example.com

Is it possible to use a wildcard certificate for a "sub-subdomain"?

David Barnes asked Jun 21 '10 19:06



2 Answers

Well, you've already verified that you can't! Here's why:

From: http://www.ietf.org/rfc/rfc2818.txt

Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

John Rasch answered Sep 20 '22 03:09


The standards don't allow a wildcard to work on multiple levels. However, you can put the specific multilevel subdomain in as a Subject Alternative Name in the wildcard certificate and it will work. Some certificate providers (like DigiCert) allow this.

Robert answered Sep 19 '22 03:09
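The following is an added example, not code from the question or from either answer. It implements the single-label wildcard rule that the first answer quotes from RFC 2818, narrowed the way RFC 6125 (section 6.4.3) and current browsers narrow it (a wildcard is honoured only as the complete leftmost label, never as a fragment such as f*.example.com), and then checks the same hostnames against a certificate that lists demo.test.example.com as an explicit Subject Alternative Name, which is the fix the second answer describes. The SAN lists, the getpeercert()-style dict and the hostnames are constructed for the demonstration; no real certificate is parsed.

```python
"""
Added example (not code from the question or either answer): a certificate
name matcher implementing the single-label wildcard rule quoted from RFC 2818,
narrowed the way RFC 6125 section 6.4.3 and current browsers narrow it, plus
the explicit-SAN fix from the second answer. All certificate contents below
are constructed for the demonstration; no real certificate is parsed.
"""
from __future__ import annotations

from typing import Optional


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules applied:
      * comparison is case-insensitive and a trailing dot is ignored;
      * a wildcard stands for exactly one DNS label, so the label counts
        must be equal: *.example.com never covers demo.test.example.com;
      * a wildcard is honoured only as the entire leftmost label; a
        fragment such as f*.example.com, or a "*" in any other label, is
        rejected (RFC 2818 allowed fragments, RFC 6125 and browsers do not);
      * a wildcard needs at least two labels to its right, so *.com is
        rejected as well.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # The wildcard covers exactly one non-empty label; the rest must be equal.
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def first_covering_name(san_dns_names: list[str], hostname: str) -> Optional[str]:
    """Return the first dNSName SAN entry that covers `hostname`, or None."""
    for name in san_dns_names:
        if hostname_matches(name, hostname):
            return name
    return None


def certificate_covers(san_dns_names: list[str], hostname: str) -> bool:
    """True if any dNSName SAN entry covers `hostname`."""
    return first_covering_name(san_dns_names, hostname) is not None


def dns_names_from_peercert(cert: dict) -> list[str]:
    """Extract the dNSName SAN entries from the dict shape that
    ssl.SSLSocket.getpeercert() returns, e.g.
    {'subjectAltName': (('DNS', '*.example.com'), ('DNS', 'example.com'))}."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed stand-in for the certificate in the question: only the
# wildcard and the bare apex name are present.
WILDCARD_CERT_SANS = ["*.example.com", "example.com"]

# Constructed stand-in for the fix in the second answer: the multi-level
# name is listed explicitly as an additional SAN.
FIXED_CERT_SANS = ["*.example.com", "example.com", "demo.test.example.com"]

# Constructed getpeercert()-style dict for the same wildcard certificate.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    hosts = ["example.com", "test.example.com", "demo.test.example.com"]
    for label, sans in (("question's cert", WILDCARD_CERT_SANS),
                        ("with explicit SAN", FIXED_CERT_SANS)):
        print(f"{label}: {sans}")
        for host in hosts:
            match = first_covering_name(sans, host)
            print(f"  {host:24} -> {'matches ' + match if match else 'NOT covered'}")
```

On a live connection the real SAN list is the `subjectAltName` entry of `ssl.SSLSocket.getpeercert()` after the handshake, which is the shape `dns_names_from_peercert` expects; from a shell, `openssl x509 -noout -ext subjectAltName -in cert.pem` prints the same list and `openssl x509 -noout -checkhost demo.test.example.com -in cert.pem` reports whether the file's names cover a given host.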