SSL certificates for *.subdomain.example.com
I plan on getting a wildcard certificate for my domain like *.example.com, but I've heard varying reports about whether it will also work with second-level subdomains like *.subdomain.example.com -- reports that it works in Firefox but not in other browsers.
If I want it to work with all browsers, will I need to purchase a wildcard certificate for *.subdomain.example.com?
Is there a place for more definitive information on how this works and with what browsers?
Solution 1:
Matching in wildcard certificates is done on a level-by-level basis, so if you want a certificate that will work for foo.sub.example.com as well as bar.example.com, you need a certificate that has alt names of both *.sub.example.com and *.example.com. If you wanted to also match baz.xyzzy.example.com you'd then need *.*.example.com (instead of *.sub.example.com). It all gets rather unpleasant, and you'd probably need to have a thorough chat with (and a phat checkbook for) your SSL certificate provider, as I can't imagine it's something they deal with daily.
Solution 2:
You either need to get separate wildcard certificates for each level, or have your SSL provider put in multiple levels or specific hostnames as SANs in the wildcard certificate for *.example.com (if you can find a provider to do this).
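The level-by-level matching discussed in the answers above, as an added example that is not part of the original posts. It assumes the client follows the RFC 6125 section 6.4.3 rule that a wildcard is honoured only as the whole left-most label; the function names, SAN lists and hostnames are constructed for illustration.

```python
# Added example: check which hostnames a certificate's dNSName SANs cover,
# assuming RFC 6125 section 6.4.3 style matching. All data here is constructed.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    # This is why *.example.com covers neither foo.sub.example.com
    # nor the bare example.com.
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard outside the left-most label is not honoured under this rule.
    if any("*" in label for label in p_labels[1:]):
        return False
    first = p_labels[0]
    if first != "*":
        # Partial wildcards such as f*.example.com are rejected here.
        if "*" in first:
            return False
        return p_labels == h_labels
    # "*" must stand in for a non-empty label; the rest must match exactly.
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]

def cert_covers(sans, hostname):
    """Return True if any SAN entry in the certificate covers hostname."""
    return any(san_matches(san, hostname) for san in sans)

def coverage_report(sans, hostnames):
    """Map each hostname to whether the SAN list covers it."""
    return {host: cert_covers(sans, host) for host in hostnames}

# Constructed sample data.
HOSTS = ["bar.example.com", "foo.sub.example.com",
         "baz.xyzzy.example.com", "example.com"]
SINGLE_WILDCARD = ["*.example.com"]
TWO_LEVEL_SANS = ["*.example.com", "*.sub.example.com"]

if __name__ == "__main__":
    for name, sans in (("single", SINGLE_WILDCARD), ("two-level", TWO_LEVEL_SANS)):
        print(name, sans)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

Running the same report against the SAN list read from a real certificate shows, before purchase or deployment, which hostnames still need their own SAN entry.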