Wildcard certificate not valid for mydomain.com - apache

I created a wildcard certificate to support my site domain and subdomains.
The new certificate works for my subdomains (e.g. www.mydomain.com, sub.mydomain.com).
But when I try to get to mydomain.com I get a certificate warning: "the certificate is only valid for *.mydomain.com"
Is it a problem with my configuration, or does the wildcard certificate just not support it?

For supporting both example.com and subdomain.example.com the certificate needs to include both *.example.com and example.com as subject alternative names. I assume that the last one is missing from your certificate.

I guess you have purchased a wildcard SSL certificate from Thawte or Symantec, which does not support www and non-www equally. In the past, I purchased a Thawte wildcard certificate and faced the same type of issue. I discussed it with my vendor to get a solution; they gave me technical support instantly and suggested the AlphaSSL wildcard - https://www.ssl2buy.com/alphassl-wildcard.php. After that, I switched over to the AlphaSSL wildcard, which works fine on both my domain names mydomain.com and www.mydomain.com, as well as anything.mydomain.com.

Related

NET::ERR_CERT_COMMON_NAME_INVALID - www to non-www with ssl and sub-domains [duplicate]

I bought a wildcard certificate for *.example.com. Now, I have to secure *.subdomain.example.com. Is it possible to create a sub-certificate for my wildcard-certificate?
If it is, how can I do this?

No, it is not possible. A wildcard inside a name only reflects a single label and the wildcard can only be leftmost. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will neither match example.org nor www.subdomain.example.org, only subdomain.example.org.
But you can have multiple wildcard names inside the same certificate, that is you can have *.example.org and *.subdomain.example.org inside the same certificate.

It is impossible to secure multi-level subdomains with a single wildcard certificate. If a wildcard certificate is issued for *.mydomain.tld, it can secure only first-level subdomains of *.mydomain.com.
To secure your second-level subdomains, you have two choices:
1. Purchase another wildcard certificate for *.sub1.mydomain.tld. In that case, you need to manage two individual wildcard certificates.
2. You can go with a multi-domain wildcard certificate, where you can add up to 100 multiple domains or subdomains.
For example,
*.mydomain.tld
*.sub1.mydomain.tld
*.sub2.mydomain.tld
*.anydomain.com
It will secure your multiple domains and multi-level subdomains and reduce your hassle from multiple certificate management.

As per a 7-year-old article at https://www.digicert.com/news/2010-9-1-new-wildcard-features/:
DigiCert Wildcard Plus certificates can secure any subdomain using
subject alternative names (SANs). A traditional wildcard certificate
for *.example.com will only secure a first-level subdomain of
example.com such as mail.example.com. DigiCert’s Wildcard Plus
certificate uses SANs to secure any subdomain of example.com,
including multi-level subdomains such as mail.internal.example.com.
With this new feature, all subdomains can be secured with a single
Wildcard Plus certificate from DigiCert. The base domain itself,
example.com, is automatically included as a SAN in every Wildcard Plus
certificate as well, which increases compatibility and protects
example.com with or without the “www.”

No, you can't create a sub-certificate for your wildcard.
-> Your wildcard certificate is for *.mydomain.tld, so as per the wildcard SSL guideline you can secure first-level subdomains. That means anything.mydomain.tld can be secured.
-> But if you want to use it to secure *.subdomain.mydomain.tld, which is for second-level subdomains, a wildcard certificate can't secure second-level subdomains.
Solution
-> You need to buy one more wildcard SSL certificate for your second-level subdomain *.subdomain.mydomain.tld

Can I implement a wildcard SSL certificate on two domains?

I have a wildcard SSL certificate and I need to implement it on multiple domains. It is already implemented on the first, and I have to implement it on the second. Is it possible to implement the same certificate on two domains? The domains hit the same IP address, meaning they are hosted on the same server, but they are different domains: the first is https://erp.example.com and the second is http://app.example.com. Both applications are hosted separately on IIS.
Please suggest.

If the certificate is a *.example.com cert, then yes, you can. That is, after all, the whole point of a wildcard certificate: to support any domain combination of the base domain.
We do it ourselves.
I'm unsure if that is your actual question though.

If you have enabled your wildcard SSL certificate for your domain *.example.com then yes, you can secure both subdomains erp (.dot) example.com and app (.dot) example.com.
The resources below will help you install a wildcard SSL certificate on an IIS server very easily:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO19990
https://www.clickssl.net/blog/how-to-install-wildcard-ssl-certificate-in-iis-7

You are asking about two domains, but actually you have two subdomains under a single domain, and if you already have a wildcard SSL certificate, all your subdomains will be protected. A wildcard SSL certificate issued on *.example.com will automatically secure an unlimited number of subdomains. It does not really matter whether your subdomains are hosted on the same server or separately; you can secure all of them with a wildcard certificate.
What will be secured with a single wildcard SSL certificate:
https://app.example.com
https://erp.example.com
https://anything.example.com
PS: A wildcard certificate will help you secure first-level subdomains only.

Should an SSL certificate be made for www.domain.com or domain.com and how should it be configured?

When setting up a single domain website with an SSL certificate, what domain should the certificate be registered as for it to work properly with both www.domain.com and domain.com?

... to work properly with both www.domain.com and domain.com?
A certificate must match all domains which it should be used for. In this case it is enough to get a certificate containing these two domains. A certificate containing www.example.com only cannot be used for example.com.

There are different types of SSL cert which do different things. My advice is to contact the certificate issuer and ask them what you need.

SSL for Wildcard Sub-Domains

I am trying to set up a wildcard subdomain. My domain is www.mydomain.com, so anything that comes in like test.mydomain.com or welcome.mydomain.com will work; that is fine.
When it comes to SSL, if I buy SSL for www.mydomain.com, will that same SSL certificate work for test.mydomain.com and welcome.mydomain.com? They are not real subdomains, just virtual ones.
If not, do I need to buy a wildcard SSL certificate?
If I think about it technically, all the wildcard subdomains will point to the same root folder and IP. From there, using my code, I will deliver different content. In that case my SSL certificate for www.mydomain.com will also work for test.mydomain.com, right? I am not sure.
Any guess?

The NAME in the SSL certificate must exactly match the domain name of the site. You need a wildcard certificate. A non-wildcard one will produce a wrong-site warning.

Is it possible to have a valid sub-subdomain with a wildcard certificate?

Say I have the following domain:
example.com
I have a Wildcard SSL certificate for this domain. Subdomains like test.example.com validate properly. However, when I try to use a domain like demo.test.example.com, I get an error message in all major browsers:
demo.test.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.example.com , example.com
Is it possible to use a wildcard certificate for a "sub-subdomain"?
Well, you've already verified that you can't! Here's why:
From: http://www.ietf.org/rfc/rfc2818.txt
Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
The standards don't allow a wildcard to work on multiple levels. However, you can put the specific multilevel subdomain in as a Subject Alternative Name in the wildcard certificate and it will work. Some certificate providers (like DigiCert) allow this.

Yes, you can use wildcards. But they only extend to that level of subdomain.
*.example.com works for test.example.com but not for demo.test.example.com.
You would have to specify *.*.example.com in the certificate. I'm not sure this would continue working with test.example.com.
Technically you could specify the following alternative names in the certificate and then it should work:
example.com
*.example.com
*.*.example.com
I don't know if there are certificate authorities that provide such certificates.
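
The matching rule the answers on this page describe (a wildcard stands for exactly one label and is only honoured in the leftmost position), as an added Python example that is not part of any of the original posts. The function names and the sample host and SAN lists are made up for illustration, and partial-label patterns such as f*.com from the RFC 2818 quote are deliberately treated as non-matching.

```python
# Added example: check which hostnames a certificate's SAN list covers,
# using the single-label, leftmost-only wildcard rule described on this page.
# All names below are constructed sample values.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name (SAN entry) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        # A wildcard replaces exactly one label, so label counts must agree.
        # This is why *.example.com covers neither example.com nor a.b.example.com.
        return False
    if any("*" in label for label in p[1:]):
        # Wildcard anywhere but the leftmost label (*.*.example.com,
        # www.*.example.com) never matches.
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:
        # Assumption of this example: partial-label wildcards are not handled.
        return False
    return p == h


def covering_names(san_list, hostname):
    """Return the SAN entries that cover hostname (empty list = name mismatch)."""
    return [san for san in san_list if name_matches(san, hostname)]


def missing_sans(san_list, hostnames):
    """Return the hostnames that no SAN entry covers."""
    return [host for host in hostnames if not covering_names(san_list, host)]


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com",
             "test.example.com", "demo.test.example.com"]
    for sans in (["*.example.com"],
                 ["example.com", "*.example.com", "*.test.example.com"]):
        print(sans, "-> not covered:", missing_sans(sans, hosts))
```

Running `missing_sans` over the hostnames a server actually answers for, before requesting or deploying a certificate, shows which SAN entries still have to be added.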