SSL – Wildcard SSL certificate for second-level subdomain


I'd like to know if any certificates support a double wildcard like *.*.example.com? I've just been on the phone with my current SSL provider (register.com) and the girl there said they don't offer anything like that and that she didn't think it was possible anyway.

Can anyone tell me if this is possible, and if browsers support this?

Best Answer

RFC2818 states:

If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Internet Explorer behaves in the way outlined by the RFC, where each level needs its own wildcarded certificate. Firefox is happy with a single *.domain.com where * matches anything in front of domain.com, including other.levels.domain.com, but will also handle the *.*.domain.com types as well.

So, to answer your question: it is possible, and supported by browsers.
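
The single-component rule from the RFC 2818 passage quoted in the answer, written out as an added example (not part of the original answer) that checks which hostnames a certificate's dNSName entries cover. It models only the quoted RFC text, not any particular browser's matcher; the function names and sample hostnames are constructed for illustration, and letting `*` match an empty fragment is an assumption the RFC text does not settle.

```python
import re


def label_matches(pattern_label, host_label):
    """Match one DNS label; '*' stands for any run of characters inside that label."""
    # Assumption: '*' may match an empty fragment (f* matches f); RFC 2818 does not say.
    regex = ".*".join(re.escape(part) for part in pattern_label.split("*"))
    return host_label != "" and re.fullmatch(regex, host_label, re.IGNORECASE) is not None


def rfc2818_match(pattern, hostname):
    """True if hostname matches pattern under the single-component rule quoted above."""
    p_labels = pattern.rstrip(".").split(".")
    h_labels = hostname.rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same number of labels.
    if len(p_labels) != len(h_labels):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def uncovered(cert_names, hostnames):
    """Return the hostnames that no dNSName in the certificate matches."""
    return [h for h in hostnames
            if not any(rfc2818_match(name, h) for name in cert_names)]


# Constructed sample data: a typical single-wildcard certificate and three hosts.
CERT_NAMES = ["example.com", "*.example.com"]
HOSTS = ["example.com", "www.example.com", "api.eu.example.com"]

if __name__ == "__main__":
    # The RFC's own examples.
    for pattern, host in [("*.a.com", "foo.a.com"), ("*.a.com", "bar.foo.a.com"),
                          ("f*.com", "foo.com"), ("f*.com", "bar.com")]:
        print(f"{pattern:10} vs {host:15} -> {rfc2818_match(pattern, host)}")
    # Under the strict rule the second-level subdomain is left uncovered.
    print("uncovered:", uncovered(CERT_NAMES, HOSTS))
    print("with *.*.example.com:", uncovered(CERT_NAMES + ["*.*.example.com"], HOSTS))
```

Running the coverage check against the full list of names a deployment serves, before ordering a certificate, shows which depths need their own wildcard entry under the strict rule.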