Double Wildcard SSL Certificates

Question

Is there a registar that offers SSL certificates for:

..domain.com

or

something_fixed.*.domain.com?

--

M.

Wouldn't *.example.com cover *.*.*.*.*.*...*.example.com? — ceejayoz, Apr 11 '10 at 21:15
Not a chance. This was the behaviour of mozilla browsers until relatively recently, but it violated the RFC and they fixed it. — Falcon Momot, Jun 23 '14 at 21:52

score 9 · Answer 1 · answered Apr 12 '10 at 02:02

9

Actually, wildcards only work on the first level of a subdomain in most browsers. So a wildcard certificate for *.example.com wouldn't work on mail.test1.example.com.

Web browsers also don't know what to do with a certificate for somthing.*.example.com either. You best option is to get a SAN certificate that you can include the specific hostnames in no matter what level they are on.

answered Apr 12 '10 at 02:02

Robert

1,575

"wildcards only work on the first level of a subdomain in most browsers". Do you have any references for this? I'm not disputing, just curious. – John Gardeniers Apr 12 '10 at 04:39
6

Certainly. RFC2818 (http://www.ietf.org/rfc/rfc2818.txt) states:
"If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., .a.com matches foo.a.com but not bar.foo.a.com. f.com matches foo.com but not bar.com."
– Robert Apr 13 '10 at 07:03
2

+1 Wildcard certs do indeed only work for the first level subdomain. – Tatas May 17 '10 at 15:28

score 1 · Answer 2 · edited Aug 20 '15 at 12:59

1

In case it helps anyone, double wildcard certs don't actually work.

(from firefox) www.test.example.com uses an invalid security certificate.

The certificate is only valid for *.*.example.com

(Error code: ssl_error_bad_cert_domain)

edited Aug 20 '15 at 12:59

Michael Haren

1,301

answered Sep 08 '11 at 19:02

Joel

141

score -1 · Answer 3 · answered Apr 11 '10 at 22:54

-1

As ceejayoz says - a standard wildcard certificate will do exactly what you desire.

I assume you're looking for that style of certificate because you want something cheaper? If so, then no can do, you have to purchase a wildcard.

answered Apr 11 '10 at 22:54

Mark Henderson

69,083

score -2 · Answer 4 · answered Nov 06 '15 at 08:10

-2

As wildcard SSL certificate is used to secure unlimited number of sub-domains(first level).

Example 1: To secure *.domainname.com, you need to buy Wildcard SSL certificate for Doaminname.com,

Here in this case, domainname.com will be your first level domain.

Example 2: To secure something.*.domainname.com, you need to buy wildcard for *.domainname.com,

Here in this case, *.domainname.com will be your second level domain.

answered Nov 06 '15 at 08:10

Jake Adley

137

Example 2 is simply wrong; see Falcon's comment on the original question. Example 1 has nothing to do with the question as asked. – MadHatter Nov 06 '15 at 08:19

Double Wildcard SSL Certificates

4 Answers4

Linked