As many already noticed in this forum, a wildcard certificate for
www.example.com and correctly fails to validate
www.subdomain.example.com. Such a subdomain requires its own wildcard, such as
Unfortunately in my current setup the
subdomain part is dynamically generated, so it would be really useful to be able to add wildcards in the form of
www.*.example.com, or even
To my understanding of RFC 2818, this should be possible. Here is the relevant quote (section “3.1. Server Identity”):
Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
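
The matching rule quoted from RFC 2818 above, as an added example that is not part of the original post and not any validator's actual code. The function names and the `leftmost_only` switch are hypothetical; the switch models, as an assumption, a stricter validator that honours `*` only in the left-most label. The hostnames are constructed from the ones mentioned in the post and the RFC quote.

```python
import re


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' covers a whole label or a fragment of it."""
    if not label:
        return False  # an empty label is never a valid match target
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None


def rfc2818_match(pattern: str, hostname: str, leftmost_only: bool = False) -> bool:
    """Compare a certificate name against a hostname, label by label.

    leftmost_only=False: literal reading of the quoted RFC 2818 text.
    leftmost_only=True:  assumed stricter policy, '*' only in the first label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' matches a single component, it never spans a dot
    if leftmost_only and any("*" in lab for lab in p_labels[1:]):
        return False
    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))


# Constructed test names: the RFC's own examples plus the post's scenario.
CASES = [
    ("*.a.com", "foo.a.com"),
    ("*.a.com", "bar.foo.a.com"),
    ("f*.com", "foo.com"),
    ("f*.com", "bar.com"),
    ("*.example.com", "www.example.com"),
    ("*.example.com", "www.subdomain.example.com"),
    ("www.*.example.com", "www.subdomain.example.com"),
]


def evaluate():
    """Return (pattern, host, literal_result, leftmost_only_result) rows."""
    return [
        (p, h, rfc2818_match(p, h), rfc2818_match(p, h, leftmost_only=True))
        for p, h in CASES
    ]


if __name__ == "__main__":
    for row in evaluate():
        print("%-20s %-28s literal=%-5s leftmost_only=%s" % row)
```

Only the last row differs between the two policies: under the literal reading `www.*.example.com` matches, under the assumed left-most-only policy it is rejected.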