wildcard ssl on sub-subdomain

ssl-certificate wildcard-subdomain
porto alet picture porto alet · Jan 22, 2010 · Viewed 86.8k times · Source

we have wildcard ssl certificate for *.domain.com, and have a website with sub1.sub2.domain.com

safari 4.0.4 on MacOsx pops up a certificate error(presumably because of wildcard interpretation), while safari 4 on windows does not.

also ie8 behaviour is mixed at best, some ie8 do not display the certificate error and some do not.

What causes this strange behavior on Safari and IE?

Answer

Elias Torres Arroyo picture Elias Torres Arroyo · Mar 16, 2012

A wildcard SSL certificate for *.example.net will match sub.example.net but not sub.sub.example.net.

From RFC 2818:

Matching is performed using the matching rules specified by RFC2459. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Related questions

How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More
How to create .pfx file from certificate and private key?

I need .pfx file to install https on website on IIS. I have two separate files: certificate (.cer or pem) and private key (.crt) but IIS accepts only .pfx files. I obviously installed certificate and it is available in certificate …

Read More
Using openssl to get the certificate from a server

I am trying to get the certificate of a remote server, which I can then use to add to my keystore and use within my java application. A senior dev (who is on holidays :( ) informed me I can run this: …

Read More