I plan on getting a wildcard certificate for my domain like *.example.com, but I've heard varying reports about whether it will also work with second-level subdomains like *.subdomain.example.com — reports that it works in Firefox but not in other browsers.
If I want it to work with all browsers, will I need to purchase a wildcard certificate for *.subdomain.example.com?
Is there a place for more definitive information on how this works and with what browsers?
Best Answer
Matching in wildcard certificates is done on a level-by-level basis, so if you want a certificate that will work for foo.sub.example.com as well as bar.example.com, you need a certificate that has alt names of both *.sub.example.com and *.example.com. If you wanted to also match baz.xyzzy.example.com you'd then need *.*.example.com (instead of *.sub.example.com). It all gets rather unpleasant, and you'd probably need to have a thorough chat with (and a phat checkbook for) your SSL certificate provider, as I can't imagine it's something they deal with daily.
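The label-by-label matching described in the answer, as an added example (not code from the original post or from any browser): it implements the RFC 6125 rule that browsers apply, where a wildcard is honoured only as the entire leftmost label and stands in for exactly one label, and it runs the constructed SAN list *.example.com plus *.sub.example.com against the hostnames in the answer.

```python
"""Added example: RFC 6125 style wildcard matching, as browsers apply it.

Assumption (not from the original answer): a wildcard counts only when it
is the whole leftmost label, it matches exactly one label, and patterns with
a wildcard anywhere else (e.g. '*.*.example.com') are treated as no match.
Public-suffix handling is not modelled.
"""
from typing import List


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName entry matches hostname.

    Comparison is case-insensitive and label-by-label, so
    '*.example.com' covers 'bar.example.com' but not
    'foo.sub.example.com' (one label too many) or 'example.com' itself.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" in pattern:
        # The wildcard must be the complete leftmost label and nothing else
        # in the pattern may contain one.
        if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
            return False
        # Require at least two literal labels after the wildcard so that
        # overly broad names such as '*.com' are never accepted.
        if len(p_labels) < 3:
            return False
    if len(p_labels) != len(h_labels):
        return False
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))


def covered_by(san_names: List[str], hostname: str) -> bool:
    """True if any SAN dNSName entry in the certificate covers hostname."""
    return any(wildcard_matches(name, hostname) for name in san_names)


if __name__ == "__main__":
    # Constructed SAN list for the scenario in the answer.
    sans = ["*.example.com", "*.sub.example.com"]
    for host in ["bar.example.com", "foo.sub.example.com",
                 "baz.xyzzy.example.com"]:
        print(f"{host:25} covered: {covered_by(sans, host)}")
```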