Suppose I have a certificate for *.example.com and privileged access to all example.com websites. Sure I could install the wildcard certificate into https://api.example.com website so that it can prove its identity. What about https://www.cool.example.com?
I'm facing this exact scenario with a fourth level domain name website. IE and Firefox refuse to connect to https://www.cool.example.com which serves *.example.com certificate to prove its identity (however when I request https://cool.example.com serving the same certificate the two browsers are both happy to connect).
Is this the expected behavior?
