*.domain.com wildcard not working for subdomain.subdomain.domain.com [duplicate]
Solution 1:
RFC2818 states:
If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
Internet Explorer behaves in the way outlined by the RFC, where each level needs its own wildcarded certificate. Firefox is happy with a single *.domain.com where * matches anything in front of domain.com, including other.levels.domain.com, but will also handle the *.*.domain.com type.
So, to answer your question: it is possible, and supported by browsers.
Solution 2:
All answers here are outdated or not fully correct, not considering the RFC 6125 from 2011.
According to RFC 6125, only a single wildcard is allowed, and only in the left-most fragment.
Valid:
*.sub.domain.tld
*.domain.tld
Invalid:
sub.*.domain.tld
*.*.domain.tld
domain.*
*.tld
sub.*.*
A fragment, also called a "label", is a closed component, e.g. *.com (2 labels) does not match label.label.com (3 labels) - this has already been defined in RFC 2818.
Before 2011 in RFC 2818 the setting was not fully clear:
Specifications for existing application technologies are not clear or consistent about the allowable location of the wildcard character.
This has changed with RFC 6125 from 2011 (6.4.3):
The client SHOULD NOT attempt to match a presented identifier in which the wildcard character comprises a label other than the left-most label (e.g., do not match bar.*.example.net).
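As an added illustration (not code from either answer), here is a small Python matcher that applies the RFC 6125 left-most-label rule to the valid and invalid patterns listed above. It treats partial-label wildcards such as f*.com as invalid, which is stricter than the RFC 2818 text quoted in Solution 1 and is a choice made for this example; real validation belongs to your TLS library.

```python
# Added example: hostname matching per the RFC 6125 6.4.3 rule quoted above.
# Illustrative only; not a replacement for a TLS library's certificate checks.


def is_valid_presented_identifier(pattern: str) -> bool:
    """Reject patterns the RFC says a client SHOULD NOT match.

    A wildcard is only accepted as the entire left-most label (assumption of
    this example: partial labels such as 'f*' are rejected), and at least two
    labels must follow it, so '*.tld' is rejected as well.
    """
    labels = pattern.lower().rstrip(".").split(".")
    if any(label == "" for label in labels):
        return False
    # No '*' anywhere except as the whole first label.
    if any("*" in label for label in labels[1:]):
        return False
    if "*" in labels[0] and labels[0] != "*":
        return False
    if labels[0] == "*" and len(labels) < 3:
        return False
    return True


def hostname_matches(pattern: str, hostname: str) -> bool:
    """True if `hostname` matches the presented identifier `pattern`."""
    if not is_valid_presented_identifier(pattern):
        return False
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # The wildcard stands for exactly one label, so the label counts must agree:
    # '*.domain.tld' (3 labels) never matches 'a.sub.domain.tld' (4 labels).
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


if __name__ == "__main__":
    for pat, host in [("*.domain.tld", "sub.domain.tld"),
                      ("*.domain.tld", "sub.sub.domain.tld"),
                      ("*.sub.domain.tld", "host.sub.domain.tld")]:
        print(f"{pat:20} vs {host:22} -> {hostname_matches(pat, host)}")
```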