Context
I work with multiple environments that are continuously created/destroyed. The instances in these environments can be reached like this:
<instance>.<environment>.<vpc>.domain.com
where <environment> changes all the time.
Certificates
I have created one self-signed certificate for each VPC:
- *.*.vpc0.domain.com
- *.*.vpc1.domain.com
- etc.
So these are multi-subdomain wildcard certificates (not sure if there is a common name for that).
Proxy
I have set up a proxy with nginx. The certificates are set up and I can reach my backend services using virtual hosting and SSL. As expected, my browser tells me that the certificate is not trusted when I call the service.
My problem
Some of the backend services need to access other backend services through this kind of proxy over SSL. My problem arises with the "certificate not trusted" error.
The problem is that adding the certificate to the Windows Trusted Root Certification Authorities store doesn't solve this issue. I continue to get the error when I (or the service) try to reach a service over SSL.
Side notes
- The setup of a one-level wildcard certificate works fine. For example, *.environment0.vpc0.domain.com is detected in the Windows Trusted Root store and the error goes away.
- I don't want to deactivate this certificate check.
- There are other solutions to achieve the same kind of design; my question focuses on understanding why this 2-level certificate is not detected when it is in the store.
Regards
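Added example (not code from the question): the trust store only settles whether the certificate chain is trusted, while the separate hostname check in browsers and most TLS stacks follows the RFC 6125 rules, where a wildcard is honoured only as the entire left-most label and matches exactly one DNS label, so `*.*.vpc0.domain.com` can never match a name while `*.environment0.vpc0.domain.com` can. The checker below reproduces that rule and reports the narrowest wildcard a client would accept for a given host; the hostnames are constructed to follow the naming scheme in the question.

```python
from __future__ import annotations

# Added example: RFC 6125 section 6.4.3 wildcard matching as browsers and most
# TLS stacks apply it. Hostnames are constructed to follow the question's scheme.


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    # The wildcard must be the whole left-most label and the only one:
    # "*.*.vpc0.domain.com" and "f*o.vpc0.domain.com" are both rejected.
    if labels[0] != "*" or any("*" in lab for lab in labels[1:]):
        return False
    if len(labels) < 3:
        return False  # refuse "*.com"-style patterns that would cover a whole TLD
    host_labels = hostname.split(".")
    # "*" matches exactly one label, so the label counts must agree.
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def first_matching_san(sans: list[str], hostname: str) -> str | None:
    """Return the first subjectAltName entry covering `hostname`, or None."""
    for san in sans:
        if hostname_matches(san, hostname):
            return san
    return None


def narrowest_wildcard(hostname: str) -> str:
    """The wildcard a client will honour for `hostname`: only the left-most label is replaced."""
    return "*." + hostname.split(".", 1)[1]


if __name__ == "__main__":
    # Constructed name following <instance>.<environment>.<vpc>.domain.com
    host = "inst1.env42.vpc0.domain.com"
    for san in ("*.*.vpc0.domain.com", "*.vpc0.domain.com", "*.env42.vpc0.domain.com"):
        print(f"{san:26} covers {host}: {hostname_matches(san, host)}")
    print("wildcard a client will accept:", narrowest_wildcard(host))
```

Because the environment label is the one that changes, a client-accepted wildcard has to be issued per environment (or per instance name), whatever store the certificate is placed in.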