SSL domain problem for signed asterisk certificates

I have two hosts set on an Apache server with signed SSL certs. Both virtual hosts have correct configuration, I believe. The first is sub.domain.com, which is working correctly, and browsers don't complain about its cert. The second domain is level.sub.domain.com, and it is generating errors; what I get is ssl_error_bad_cert_domain for

level.sub.domain.com uses an invalid security certificate.

The certificate is only valid for the following names: *.domain.com , domain.com

Should the *.domain.com certificate support more than one level subdomain?


*.domain.com should only match for domains .domain.com, but not domain.com or a.b.domain.com.

Citing this great presentation:

RFC 2595 (Using TLS with IMAP, POP3 and ACAP): A “*” wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc. but would not match example.com.

RFC 2818 (HTTP Over TLS): Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

RFC 4513 (LDAP Authentication Methods): The ‘*’ (ASCII 42) wildcard character is allowed in subjectAltName values of type dNSName, and then only as the left-most (least significant) DNS label in that value. This wildcard matches any left-most DNS label in the server name. That is, the subject *.example.com matches the server names a.example.com and b.example.com, but does not match example.com or a.b.example.com.
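The single-label rule from the RFC passages quoted above, as an added example that is not part of the original answer: the helper names (`label_matches`, `name_matches`, `cert_covers`) are hypothetical, and the name list is the one from the browser error in the question. It goes slightly beyond the question by also covering the RFC 2818 fragment form (`f*.com`), which `allow_fragment=False` turns off to get the stricter RFC 4513 behaviour.

```python
def label_matches(pattern_label: str, host_label: str) -> bool:
    """Compare one DNS label; a single '*' stands for a fragment of that label."""
    if "*" not in pattern_label:
        return pattern_label == host_label
    if pattern_label.count("*") > 1:
        return False
    prefix, suffix = pattern_label.split("*")
    return (len(host_label) >= len(prefix) + len(suffix)
            and host_label.startswith(prefix)
            and host_label.endswith(suffix))


def name_matches(pattern: str, hostname: str, allow_fragment: bool = True) -> bool:
    """Match a certificate dNSName against a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # The wildcard never spans a dot, so the label counts must be equal.
    # This is why *.domain.com covers neither domain.com nor a.b.domain.com.
    if len(p) != len(h) or not all(h):
        return False
    # The wildcard is only honoured in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    # RFC 4513 style: the left-most label must be exactly "*".
    if "*" in p[0] and p[0] != "*" and not allow_fragment:
        return False
    return label_matches(p[0], h[0]) and p[1:] == h[1:]


def cert_covers(cert_names, hostname):
    """Return the certificate names that cover the hostname (empty list: mismatch)."""
    return [name for name in cert_names if name_matches(name, hostname)]


if __name__ == "__main__":
    # Names taken from the error message in the question.
    cert_names = ["*.domain.com", "domain.com"]
    for host in ("sub.domain.com", "level.sub.domain.com", "domain.com"):
        print(host, "->", cert_covers(cert_names, host) or "bad cert domain")
    # Constructed comparison: a wildcard one level lower does cover the second host.
    print(name_matches("*.sub.domain.com", "level.sub.domain.com"))
```

The sketch does no public-suffix or internationalized-name handling, which real TLS libraries layer on top of this comparison.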