remoting https listener with a wildcard certificate

This topic contains 3 replies, has 3 voices, and was last updated by Aftab Hussain 2 years, 1 month ago.

  • #19813
    Aftab Hussain
    Participant

    I have a wildcard certificate such as *.domain.com, and I have a server with a DNS URL of aftab.hussain.domain.com. This configuration fails the CN check; my testing shows that the cert has to be *.hussain.domain.com. I don't see a way around this without skipping the check, so I will just have to change my cert. It just means I need more certificates, rather than just one.

  • #19815
    Don Jones
    Keymaster

    Correct. Wildcard certificates only cover a single wildcard (e.g., *.domain.com) not multiple (*.*.domain.com).

  • #19822
    Dave Wyatt
    Moderator

    You should still be able to accomplish this with a single certificate, though. You just may need multiple Subject Alternative Name values on the cert. I've read conflicting reports as to whether a DNS name of *.*.domain.com on a certificate will work with modern browsers or not; you'd have to test it to see if it's that easy. If not, then you may need to have multiple SANs for each domain (*.domain.com, *.child.domain.com, etc.).

  • #19846
    Aftab Hussain
    Participant

    Didn't realise you could have SANs in a wildcard cert, I'll give that a try. If it works I'll update here.
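
The name-matching rule discussed in this thread, as an added example that is not part of the original posts: a wildcard stands in for exactly one leftmost DNS label, and a host name is accepted if any DNS name on the certificate matches it. `Test-CertNameMatch` is a hypothetical helper, not a built-in cmdlet, and the name lists are constructed from the names mentioned in the posts.

```powershell
# Added example: hypothetical helper, not a built-in cmdlet.
function Test-CertNameMatch {
    [CmdletBinding()]
    param(
        # Host name the client connects to (e.g. the -ComputerName value).
        [Parameter(Mandatory)] [string]   $HostName,
        # DNS names carried by the certificate (subject CN and/or SAN entries).
        [Parameter(Mandatory)] [string[]] $CertDnsName
    )

    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')

    foreach ($name in $CertDnsName) {
        $certLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')

        # A wildcard never spans a dot, so both names need the same label count.
        if ($certLabels.Count -ne $hostLabels.Count) { continue }

        $match = $true
        for ($i = 0; $i -lt $certLabels.Count; $i++) {
            # Only a leftmost label that is exactly '*' acts as a wildcard,
            # and it must stand in for a non-empty host label.
            if ($i -eq 0 -and $certLabels[0] -eq '*' -and $hostLabels[0]) { continue }
            if ($certLabels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed sample data based on the names used in the thread.
$server = 'aftab.hussain.domain.com'
$cases  = @(
    , @('*.domain.com')                           # single wildcard cert from the first post
    , @('*.domain.com', '*.hussain.domain.com')   # one cert with multiple SANs, as suggested
)

foreach ($names in $cases) {
    [pscustomobject]@{
        HostName = $server
        CertNames = $names -join ', '
        Matches  = Test-CertNameMatch -HostName $server -CertDnsName $names
    }
}
```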
