Wildcard SSL certificate for second-level subdomain

RFC2818 states:

If more than one identity of a given
type is present in the certificate
(e.g., more than one dNSName name, a
match in any one of the set is
considered acceptable.) Names may
contain the wildcard character * which
is considered to match any single
domain name component or component
fragment. E.g., *.a.com matches
foo.a.com but not bar.foo.a.com.
f*.com matches foo.com but not
bar.com.

Internet Explorer behaves in the way outlined by the RFC, where each level needs its own wildcarded certificate. Firefox is happy with a single *.domain.com where * matches anything in front of domain.com, including other.levels.domain.com, but will also handle the *.*.domain.com types as well.

So, to answer your question: it is possible, and supported by browsers.

Related Posts:

  1. https connection using CURL from command line
  2. How to generate a self-signed SSL certificate using OpenSSL?
  3. Convert .pem to .crt and .key
  4. SSL_ERROR_BAD_CERT_DOMAIN
  5. OpenSSL: unable to verify the first certificate for Experian URL
  6. Does each subdomain need it’s own SSL certificate?
  7. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  8. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  9. What is .crt and .key files and how to generate them?
  10. “ssl module in Python is not available” when installing package with pip3
  11. Simple Java HTTPS server
  12. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  13. CFNetwork SSLHandshake failed iOS 9
  14. What exactly is cacert.pem for?
  15. SSL CA cert (path? access rights?)
  16. keytool error bash: keytool: command not found
  17. “The underlying connection was closed: An unexpected error occurred on a send.” With SSL Certificate
  18. ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome
  19. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  20. How to disable cURL SSL certificate verification
  21. Getting error in Curl – Peer certificate cannot be authenticated with known CA certificates
  22. How do you sign a Certificate Signing Request with your Certification Authority?
  23. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  24. Issues with installing python libraries on Windows : CondaHTTPError: HTTP 000 CONNECTION FAILED for url
  25. WordPress wp-admin https redirect loop
  26. Is it safe to use sslverify => true for with wp_remote_get/wp_remote_post
  27. Images causing Mixed Content with SSL
  28. After updating site to use SSL all images in posts point to http://
  29. Adding https to wordpress website
  30. What’s the right move with SSL for user based site?
  31. I am locked out of my WordPress site after changing site URL from Http to Https
  32. Enabling SSL on wordpress results in 404
  33. SSL setup: wp-login css doesn’t load over httpS
  34. In WP versions >= 4.0, is FORCE_SSL_LOGIN forcing HTTPS for the entire admin session?
  35. Separating HTTP and HTTPS content with WordPress, Varnish, and an SSL terminator?
  36. SSL Certificate and WordPress
  37. Pointing SSL Enabled URL at Single WordPress Page
  38. Occasional HTTPS Mixed Content Warning
  39. Divert http to https with WordPress on IIS
  40. WordPress : To load all asset files coming from HTTP to HTTPS?
  41. Google maps causing mixed content in header
  42. Cloudflare and SSL breaks wordpress – Mixed Content & Unable to use Admin
  43. XML asset fails to load using https
  44. Search and replace http:// links to https:// to get the green padlock
  45. un-loading https
  46. WordPress site shows “File not found.” if opened through https
  47. wp_remote_get – curl error 28 connection timed out – using SANS in URL
  48. SSL certificate error on Google Chrome , IE [closed]
  49. How do I set up a local version of my https wordpress site for testing and development using MAMP
  50. Address a single page to SSL https secure protocol?
  51. WordPress + SSL + Varnish + Pound
  52. Certain header elements not served over https
  53. wordpress http to https windows server
  54. Jetpack “Connect to WordPress” serving insecure content under HTTPS
  55. Allow non-SSL pages to use https or Force non-SSL pages to http?
  56. How to force non SSL on just one page?
  57. Need ideas for HTTPS multiple domain solution
  58. WordPress 4.0 Forces entire site into SSL
  59. Site not reachable due to change from HTTP to HTTPS [closed]
  60. All content is HTTPS, but browsers warn of HTTP mixed content [closed]
  61. How do I handle SSL properly when WP is behind a reverse proxy?
  62. Hi do I change Media files that still show as http after installing ssl
  63. Errors on a single host using wp_remote_get() unless sslverify is set to false
  64. How do I find non-SSL problems on my SSL page?
  65. SSL doesn’t work on certain pages – what is wrong?
  66. WordPress site shown as Not Secure on Chrome when SSL certificate is valid
  67. Self signed certificate issue with WooCommerce rest api connection
  68. Disable WordPress accessing WordPress.org to check for updates
  69. URLs not being output with https
  70. How to protect login via SSL but not the rest of the dashboard
  71. ERR_CONNECTION_REFUSED
  72. The REST API request failed due to an error. cURL error 60: SSL certificate problem: certificate has expired
  73. SSL not working fine, Home url not matching with site url wordpress errors
  74. Website Migration (with https) to a new domain(http)
  75. How to move my local wordpress to https?
  76. WordPress – SSL not working – browser console error “Mixed Content” and “Failed to load resource”
  77. Implications of not completing all tasks when switching to HTTPS
  78. Update not working after installing up SSL
  79. Problem forcing San SSL certificate on WordPress
  80. SSL Certificate
  81. How to send user data from one website to another
  82. How come all my http URLs are turned to https?
  83. Forcing SSL (Bad Theme coding)
  84. How to switch static files back to using HTTP instead of HTTPS?
  85. I just updated my SSL certificate and now my site looses formatting when
  86. WordPress and SSL
  87. SSL problems with WordPress
  88. SSL/HTTPS Redirect Loop
  89. The plain HTTP request was sent to HTTPS port in wordpress [closed]
  90. Adding SSL certificate to the front end of my site
  91. iHow to redirect all http traffic to https now that a SSL certificate is added?
  92. How to force static assets with HTTP sources to load over HTTPS?
  93. Moving WordPress from http to https over existing site
  94. WordPress stuck at Step 1 of setup behind nginx reverse proxy
  95. Displaying a remote SSL certificate details using CLI tools
  96. how to download the ssl certificate from a website?
  97. What is a challenge password?
  98. Is there a reason to use an SSL certificate other than Let’s Encrypt’s free SSL?
  99. How do I clear Chrome’s SSL cache?
  100. Generating a self-signed cert with openssl that works in Chrome 58

Leave a Comment