Wildcard certificate not valid for sub of subdomains?

When I get a certificate for

domain.com
*.domain.com

it should and is valid for

sub.domain.com

but, is it not also valid for

www.sub.domain.com

? - Chrome told me the Certificate should be invalid!??

Hi @marsupilani,

Unfortunately that's just how wildcard certificates work with most client software (particularly web browsers) - they are only good for one level of subdomain.

If you wanted your certificate to also be valid for the case above you'd need to add *.sub.domain.com in addition to *.domain.com.

Can I add also *.*.domain.com?

because I won’t renew the Certificate, each time I add a new subdomain …

No, unfortunately that won't work. Trusted CAs are forbidden from issuing certificates with more than one wildcard label, or a wildcard label anywhere other than in the leftmost position in the domain name.

I need a solution for a valid certificate for a dynamic hierarchic namespace with 2-3 layers:

ex.: <level2>.<level1>.domain.com

Both levels are generated in a very dynamic manner (more than one per hour, in total 100 to 2000 active at the same time).
All names could, but may not, use the same certificate (I think a new certificate for each newly generated DNS name on the same web server would be overkill), but they should be able to be requested by name without error.
Any idea how I can realize that?

Do you think you could perhaps use hyphens instead of dots to separate the two levels?

For example <level2>-<level1>.domain.com.

In that case, they’re considered a single label and a wildcard will apply to all of them. Presumably your software (at least if you control all of it) could be modified to understand that a hyphen is the boundary between level2 and level1 instead of a dot.
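The matching rule and the hyphen workaround from the replies above, as an added Python example that is not part of the original posts. The function names and sample hostnames are constructed for illustration, and rejecting partial wildcards such as `w*.domain.com` is an assumption about strict client behaviour.

```python
# Added illustration; function names and sample hostnames are constructed.
MAX_LABEL = 63  # DNS limit on the length of a single label


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname: '*' is honoured only
    as the whole leftmost label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans a dot
    if "*" in "".join(p[1:]):
        return False              # e.g. *.*.domain.com is never valid
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False              # assumption: partial wildcards not honoured
    return p == h


def cert_covers(sans, hostname):
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def flatten(level2, level1, zone):
    """Join the two dynamic levels into one label: <level2>-<level1>.<zone>."""
    for part in (level2, level1):
        # The hyphen is the separator, so the parts must not contain one,
        # otherwise the name cannot be split back unambiguously.
        if not (part.isascii() and part.isalnum()):
            raise ValueError(f"invalid level name: {part!r}")
    label = f"{level2}-{level1}".lower()
    if len(label) > MAX_LABEL:
        raise ValueError("combined label exceeds 63 characters")
    return f"{label}.{zone}"


def split_levels(hostname, zone):
    """Recover (level2, level1) from a flattened hostname."""
    label = hostname.lower().removesuffix("." + zone)
    level2, sep, level1 = label.partition("-")
    if not sep or "." in label or "-" in level1 or not level2 or not level1:
        raise ValueError(f"not a flattened name: {hostname!r}")
    return level2, level1
```

The 63-character check matters here because joining two levels into one label makes it easier to reach the DNS per-label limit than with dot-separated names.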
