4 part domain names and wildcard certs


#1

I have set up a wildcard cert for uptownbusinessassociation.com and *.uptownbusinessassociation.com.

https://uptownbusinessassociation.com
https://www.uptownbusinessassociation.com
https://jack.uptownbusinessassociation.com

all work as expected.

https://jack.test.uptownbusinessassociation.com

does NOT work as expected. I can’t set up a star.star.uptownbusinessassociation.com name with my DNS provider. (I tried to do a double asterisk in that link but the post just showed …uptownbusinessassociation.com and didn’t show what I typed… so star.star has to fill in.)

My server serves up https://jack.test.uptownbusinessassociation.com just fine.

The Chrome and Firefox browsers I use to test both say something like:

This server could not prove that it is jack.test.uptownbusinessassociation.com; its security certificate is from *.uptownbusinessassociation.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Is there a way to set up a wildcard.wildcard cert since a wildcard cert doesn’t cover sub.sub-domains?

We use 4-part subdomains for something like test.backend.some.site where backend.some.site is the production version and test.backend.some.site or staging.backend.some.site are on our test systems.

  • jack

#2

You can get certificates for *.test.uptownbusinessassociation.com and *.backend.some.site. (And Let’s Encrypt allows up to 100 names per certificate.) Unfortunately wildcards only apply to one “level”.


#3

No. To the best of my knowledge, no CA supports this. But you could do *.uptownbusinessassociation.com and *.test.uptownbusinessassociation.com (even both on the same cert if desired).
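
The one-level rule from the replies above, as an added example that is not part of the original thread: a simplified matcher showing which of the hostnames from post #1 the current certificate covers, and which names a certificate would need to list to cover all of them. Function names are hypothetical, and the matching is simplified (whole-label `*` only, ASCII names, no public-suffix handling).

```python
# Added example: single-label wildcard matching, simplified from the
# rule browsers apply (RFC 6125 style). Not code from the thread.

def san_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name (exact or '*.parent') covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # '*' stands for exactly one label
        return False
    if p[0] == "*":
        # Only the leftmost label may be a wildcard; the rest must be literal.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_covers(sans, hostname):
    """True if any name on the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in sans)

def wildcards_needed(hostnames, apex):
    """Names to request: the apex plus one '*.parent' per level in use."""
    names = set()
    for host in hostnames:
        host = host.lower().rstrip(".")
        if host == apex:
            names.add(apex)
        elif host.endswith("." + apex):
            parent = host.split(".", 1)[1]   # drop the leftmost label
            names.add("*." + parent)
        else:
            raise ValueError(f"{host} is not under {apex}")
    return sorted(names)

# Hostnames and certificate names taken from post #1.
APEX = "uptownbusinessassociation.com"
HOSTS = [APEX, "www." + APEX, "jack." + APEX, "jack.test." + APEX]
CURRENT_SANS = [APEX, "*." + APEX]

if __name__ == "__main__":
    for h in HOSTS:
        print(h, "covered" if cert_covers(CURRENT_SANS, h) else "NOT covered")
    print("names to request:", wildcards_needed(HOSTS, APEX))
```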

