Wildcard SSL on sub-subdomain [closed]


A wildcard SSL certificate for *.example.net will match sub.example.net but not sub.sub.example.net.

From RFC 2818:

Matching is performed using the matching rules specified by RFC2459. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.


If you need a wildcard certificate that contains *.domain.com sites and also works with sub1.sub2.domain.com or another domain like *.domain2.com, you can solve that with a single wildcard certificate with what is called a subject alternative name (SAN) extension for each of the other sub-subdomains. A SAN cert is not just for multiple specific host names; it can be created for wildcard entries as well.

For example, *.domain.com, sub1.sub2.domain.com, and *.domain2.com would have a Common Name of *.domain.com, then you would attach a subject alternative name of both *.domain2.com and *.sub2.domain.com. It might depend on the Certificate Authority as to how they would charge you (or not) for the certificate, but there are some out there where this offering is available. Also, SAN support is pretty widespread in the web browser space. The best real-world example of this use is Google's SSL cert. Go open Google and view its SSL certificate; you will see it works for *.google.com, *.youtube.com, *.gmail.com, and a bunch more where they are listed as subject alternative names.


The wildcard is only applied to the first part (from the left) of your domain. So you'll need a certificate for *.sub2.domain.com.

If you meant that you have sub1.domain.com and sub2.domain.com, then it should work.
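
The matching rule the answers above describe, as an added example that is not part of the original posts: a small Python checker that applies the RFC 2818 wording quoted in the first answer (a `*` covers one label or a fragment of one label) and the left-most-label restriction from the last answer to a list of certificate names. The function names and the two name lists are constructed for illustration; the SAN list uses the names from the second answer.

```python
def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' stands for characters inside that label only."""
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1:
        return False
    prefix, suffix = pattern.split("*")
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def name_matches(pattern: str, hostname: str) -> bool:
    """Check one certificate name (possibly a wildcard) against a hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # '*' never spans a dot, so both names must have the same number of labels.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    # Assumption taken from the last answer: wildcard only in the left-most label.
    if any("*" in label for label in p_labels[1:]):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def cert_covers(names, hostname):
    """Return the first certificate name that covers hostname, or None."""
    for name in names:
        if name_matches(name, hostname):
            return name
    return None


# Constructed name sets: one plain wildcard, one wildcard cert with SAN entries.
SINGLE_WILDCARD = ["*.example.net"]
SAN_CERT = ["*.domain.com", "*.sub2.domain.com", "*.domain2.com"]

if __name__ == "__main__":
    checks = [
        (SINGLE_WILDCARD, "sub.example.net"),
        (SINGLE_WILDCARD, "sub.sub.example.net"),
        (SAN_CERT, "sub1.domain.com"),
        (SAN_CERT, "sub1.sub2.domain.com"),
    ]
    for names, host in checks:
        print(f"{host:24} covered by {cert_covers(names, host)}")
```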