Wildcard SSL - will it cover all levels

gogocode · #1 03-20-2007, 07:49 AM

Simple question I can't find an answer to, perhaps somebody knows.

Say for example I have a wildcard ssl for *.foo.com this will cover bar.foo.com allright but will it cover zort.bar.foo.com or would i have to have a cert for *.bar.foo.com (or even *.*.foo.com)

Anybody have an answer?

Patrick · #2 03-20-2007, 08:40 AM

It's my understanding that it will only cover first level sub domains.

Valid example:
*.bar.com (foo.bar.com)

Invalid example:
*.foo.bar.com (fee.foo.bar.com)

I suppose if you had a wildcard SSL for *.foo.bar.com then it could work, but I'm not 100% sure.

gogocode · #3 03-20-2007, 09:24 AM

Hmm, my experimentation appears to show it works for Opera and Firefox, but not IE. That's strange.

gogocode · #4 03-20-2007, 09:45 AM

For sake of posterity, some more trawling through the net produced an answer to my own question.

It's not supposed to work that way according to RFC 2818, a wildcard is not supposed to match a .

Mozilla allows it however, there is a bug lodged mentioning it (a years old bug mind you) so the capability may go away sometime.

Opera also allows it. Konq doesn't, so I guess Safari probably won't either.

CaCert has more explanation: http://wiki.cacert.org/wiki/WildcardCertificates

Back to the drawing board for me then :-(

Wildcard SSL - will it cover all levels

Sponsored Links

Advertise Here

Internet Services

Web Development

Digital Marketing

Consumer Tech