Wildcard certificate not valid for sub of subdomains?

when I get a certificate for


it should and is valid for


but, is it not also valid for


? - Chrome told me the Certificate should be invalid!??

Hi @marsupilani,

Unfortunately that's just how wildcard certificates work with most client software (particularly web browsers) - they are only good for one level of subdomain.

If you wanted your certificate to also be valid for the case above you'd need to add *.sub.domain.com in addition to *.domain.com.

Can I add also *.*.domain.com?

because I won’t renew the Certificate, each time I add a new subdomain …

No, unfortunately that won't work. Trusted CAs are forbidden from issuing certificates with more than one wildcard label, or a wildcard label anywhere other than in the leftmost position in the domain name.

I need a solution for a valid certificate of a dynamic hierachic namespace wie 2-3 layers:

ex.: <level2>.<level1>.domain.com

both levels are generate in a very dynamic matter (more than one per hour in summarize 100 to 2000 add the same time active).
All names could, but may not use the same certificate (I think a new certificate for each new generate dnsname on the same web-server will be overkill), but they should be able to requested by name without error.
Any idea how can I realize that?

Do you think you could perhaps use hyphens instead of dots to separate the two levels?

For example <level2>-<level1>.domain.com.

In that case, they’re considered a single label and a wildcard will apply to all of them. Presumably your software (at least if you control all of it) could be modified to understand that a hyphen is the boundary between level2 and level1 instead of a dot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.