Say I have the following domain:
example.com
I have a Wildcard SSL certificate for this domain. Subdomains like test.example.com validate properly. However, when I try to use a domain like demo.test.example.com, I get an error message in all major browsers:
demo.test.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.example.com, example.com
Is it possible to use a wildcard certificate for a "sub-subdomain"?
A wildcard SSL certificate is the next-generation security solution that allows the main website and its subdomains to be secured by a single SSL certificate, even if the sites are on multiple servers. It is a one-stop security solution for any website with multiple subdomains.
A wildcard DNS record allows you to point all existing and non-existing subdomains to a specific area. For example, www.example.com and test.example.com would both direct to www.example.com when a wildcard subdomain is enabled. If your main domain is example.com, then the wildcard subdomain will be *.
It's often marketed as securing “unlimited subdomains.” And that's partially true — with one important caveat: Wildcard SSL certificates secure unlimited subdomains at ONE domain level.
A traditional wildcard certificate for *.example.com will only secure a first-level subdomain of example.com such as mail.example.com. DigiCert's Wildcard Plus certificate uses SANs to secure any subdomain of example.com, including multi-level subdomains such as mail.internal.example.com.
Well, you've already verified that you can't! Here's why:
From: http://www.ietf.org/rfc/rfc2818.txt
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
The standards don't allow a wildcard to work on multiple levels. However, you can put the specific multilevel subdomain in as a Subject Alternative Name in the wildcard certificate and it will work. Some certificate providers (like DigiCert) allow this.
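The matching rule quoted from RFC 2818 above, as an added example that is not part of the original answer. The function names are hypothetical, and the certificate name lists are constructed from the names in the question plus the Subject Alternative Name fix the answer describes.

```python
# Added example: hostname matching per the RFC 2818 text quoted above.
# Function names are hypothetical; name lists are constructed from the question.

def label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label; '*' covers a whole label or a fragment of it."""
    if not host_label:
        return False
    if "*" not in pattern_label:
        return pattern_label == host_label
    prefix, _, suffix = pattern_label.partition("*")
    if "*" in suffix:  # more than one wildcard in a label: reject
        return False
    return (len(host_label) >= len(prefix) + len(suffix)
            and host_label.startswith(prefix)
            and host_label.endswith(suffix))


def name_matches(pattern: str, hostname: str) -> bool:
    """A wildcard never spans a dot, so the label counts must be equal."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    return len(p) == len(h) and all(label_matches(a, b) for a, b in zip(p, h))


def covering_names(cert_names, hostname):
    """Return the certificate names that validate for hostname."""
    return [n for n in cert_names if name_matches(n, hostname)]


# Constructed name lists: the certificate from the question, and the same
# certificate with the multilevel name added as a Subject Alternative Name.
WILDCARD_ONLY = ["*.example.com", "example.com"]
WITH_SAN = WILDCARD_ONLY + ["demo.test.example.com"]

if __name__ == "__main__":
    for host in ("example.com", "test.example.com", "demo.test.example.com"):
        print(f"{host:24} wildcard only: {covering_names(WILDCARD_ONLY, host)}")
        print(f"{host:24} with SAN:      {covering_names(WITH_SAN, host)}")
```

Current browsers apply the stricter RFC 6125 rules and generally accept a wildcard only as the entire leftmost label, so fragment patterns such as f*.com should not be relied on.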