Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSL Multilevel Subdomain Wildcard

Tags:

ssl

server

wildcard

subdomain

administration

I bought a wildcard certificate for *.example.com. Now, I have to secure *.subdomain.example.com. Is it possible to create a sub-certificate for my wildcard-certificate?

If it is, how I can do this?

like image 446
Attrachii Avatar asked Nov 04 '14 20:11

Attrachii

People also ask

Does wildcard certificate work for subdomains?

A Wildcard SSL certificate is marketed as being able to secure “unlimited subdomains” and that's partially true but with the caveat that all those sub-domains must be at the same level of the URL.

How many subdomains can a wildcard have?

A Wildcard will only secure one subdomain level. Generally, most websites only have one subdomain level, so this isn't a problem.

Can you have multiple wildcard SSL certificates?

A multi-domain wildcard SSL certificate can also be used as a multi-level wildcard. Multi-domain wildcards use wildcard SANs, you can include an asterisk in them. So, using a multi-domain wildcard enables you to secure all the sites we listed above with just a few wildcard SANs — all on the same SSL certificate.

How do I add a wildcard certificate to a subdomain?

As an alternative method, navigate to Domain name on the menu, locate your domain, and click the cog wheel on the far right and select Enable wildcard subdomain. After a few minutes, every subdomain will also have an SSL certificate.

2 Answers

No, it is not possible. A wildcard inside a name only reflects a single label and the wildcard can only be leftmost. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will neither match example.org nor www.subdomain.example.org, only subdomain.example.org.

But you can have multiple wildcard names inside the same certificate, that is you can have *.example.org and *.subdomain.example.org inside the same certificate.

like image 75
Steffen Ullrich Avatar answered Sep 23 '22 22:09

Steffen Ullrich

It is impossible to secure multi-level subdomains with a single wildcard certificate. If wildcard certificate issued for *.mydomain.tld, so it can secure only first-level subdomains of *.mydomain.com.

To secure your second-level subdomains, you have two choices.

Purchase another wildcard certificate for *.sub1.mydomain.tld. In that case, you need to manage two individual wildcard certificates.

You can go with a multi-domain wildcard certificate, where you can add up to 100 multiple domains or subdomains.

For example,

  • *.mydomain.tld
  • *.sub1.mydomain.tld
  • *.sub2.mydomain.tld
  • *.anydomain.com

It will secure your multiple domains and multi-level subdomains and reduce your hassle from multiple certificate management.

like image 24
Jason Parms Avatar answered Sep 23 '22 22:09

Jason Parms
Sign in to Comment

Related questions

What is the proper HTTP response to send for requests that require SSL/TLS
How to find what SSL/TLS version is used in Java
What does "SSLError: [SSL] PEM lib (_ssl.c:2532)" mean using the Python ssl library?
How can I get LWP to validate SSL server certificates?
How do I use https (SSL) in XAMPP while using virtual hosts
Tomcat Server/Client Self-Signed SSL Certificate
How to connect to a remote PostgreSQL database through SSL with Python
What's the difference between rapidSSL and geotrust certificates? [closed]
Charles proxy fails on SSL Connect Method
Java SSLHandshakeException "no cipher suites in common"
HTTPS connection Python
Change keystore password from no password to a non blank password
What are the best practice for domain names (dev, staging, production)?
How can I set up Jenkins CI to use https on Windows?
Difference between DTLS and TLS
How to use TLS 1.2 in Java 6
Verify if curl is using TLS
javax.net.ssl.SSLException: Received fatal alert: protocol_version
Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url <https://conda.anaconda.org/anaconda/win-64
PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!