8

I have a wildcard cert issued by GoDaddy for *.domain.com.

Currently, https://sub.domain.com works just fine. However, https://www.sub.domain.com does not work. Do I need a separate cert for each?

The error I see in the browser when I go to https://www.sub.domain.com is:

The identity of this website has not been verified.
 • Server's certificate does not match the URL.
bart2puck

3 Answers

4

A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. Depending on the number of subdomains an advantage could be that it saves money and also could be more convenient.

Note: Only a single level of subdomain matching is supported.

The workaround could be to add every virtual host name in the Subject Alternative Name (SAN) extension, the major problem being that the certificate needs to be reissued whenever a new virtual server is added.

Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops), these domains would not be valid for the certificate: xxx.sub.domain.com

user45475
3

A wildcard SSL certificate protects an unlimited number of subdomains, as long as all of them are created on your main domain name.

When a wildcard SSL certificate is issued for *.domain.com, it can secure…

  • sub1.domain.com
  • sub1.domain.com
  • anything.domain.com

If you want to secure your second-level domain names which are hosted under the same sub-domain of your website, you need to issue your certificate for *.sub.domain.com, but it counts sub.domain.com as a main domain name and secures…

  • sub1.sub.domain.com
  • sub2.sub.domain.com
  • anything.sub.domain.com

Note: A wildcard SSL certificate doesn’t support any.thing.domain.com

Buying an individual certificate for each of domain.com, anysub.domain.com or any.thing.domain.com can be more costly, and it is hard to manage all the certificates. You can secure your entire website with a single UCC / SAN certificate, which can cost around $45. (Price from SSL2BUY)

  • domain.com
  • www.domain.co.uk
  • www.domain.tld
  • sub1.domain.com
  • sub1.sub1.domain.com
  • sub2.sub2.domain.com
  • any.thing.domain.tld
1

Yes, you need a separate entry for sub-sub-domains. A wildcard matches only a single label, and there can be only a single wildcard, which must be the leftmost label in the domain, i.e.

  • *.example.com matches sub.example.com, but not www.sub.example.com and not example.com
  • You cannot get sub.*.example.com.
  • You cannot get *.*.example.com.
  • However, *.sub.example.com is possible, but it does not match sub.example.com.

You don't need a separate certificate for all of these. They can be in the same certificate as subject alternative names.

Steffen Ullrich
  • So my subdomains are one for each customer I have. The list of subdomains is endless. So how can I get SSL for www.X.domain.com and www.Y.domain.com? Do I need a separate entry in the SAN for X, Y, Z? – bart2puck Mar 07 '15 at 05:41
  • Yes, you need separate SAN or separate certificates. Again, there is no `*.*.example.com`. – Steffen Ullrich Mar 07 '15 at 06:03
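
The matching rule the answers describe (a wildcard covers exactly one label and is only valid as the leftmost label), as an added example that is not part of the original posts. The function names and the sample SAN lists are constructed for illustration; rejecting partial wildcards such as `w*.domain.com` is a strictness assumption of this sketch.

```python
# Added example: checks which hostnames a certificate's SAN list covers,
# using the single-label, leftmost-only wildcard rule from the answers.
# All hostnames and SAN lists here are constructed sample values.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if one dNSName SAN entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # '*' never spans a dot, so both names must have the same label count.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    # A wildcard anywhere but the leftmost label is invalid
    # (rules out sub.*.example.com and *.*.example.com).
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # assumption: partial wildcards are rejected
    return p == h

def cert_covers(sans, hostname):
    """True if any SAN entry of the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in sans)

def uncovered(sans, hostnames):
    """Hostnames that would produce a certificate name mismatch."""
    return [h for h in hostnames if not cert_covers(sans, h)]

if __name__ == "__main__":
    # The question's situation: a *.domain.com wildcard certificate.
    wildcard_only = ["*.domain.com", "domain.com"]
    served = ["domain.com", "sub.domain.com", "www.sub.domain.com"]
    print("mismatch with wildcard only:", uncovered(wildcard_only, served))

    # The fix from the answers: add the deeper name (or *.sub.domain.com)
    # as a further subject alternative name on the same certificate.
    with_san = wildcard_only + ["*.sub.domain.com"]
    print("mismatch after adding SAN:", uncovered(with_san, served))
```

Running `uncovered()` over the list of per-customer hostnames before requesting or renewing a certificate shows which names still need their own SAN entry.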