Is it possible to have wildcard with SAN entries with `*` in 2nd label in single SSL certificate

Question

please help to find the answer to 3 questions. 1. Is it possible to buy one single certificate for domain mydomain.com which would work as the wildcard for *.mydomain.com and has SAN record for label1.*.mydomain.com and label2.*.mydomain.com? 2. How much it would be costs to add one more SAN record like label3.*.mydomain.com? 3. How long it takes to add one more SAN record like label3.*.mydomain.com?

Crypt32 · Accepted Answer · 2018-01-15T09:42:39.863

9

No, it is not allowed. Asterist character can be presented only once as a leftmost character and followed by a dot. No other wildcards are allowed in DNSName name type.

Valid names:

*.domain.com
*.sub.domain.com
*.sub1.sub2.domain.com

Invalid names:

*char.domain.com
*.*.domain.com
char*char.domain.com
char*.domain.com
sub.*.domain.com
<...>

More information with reference links on Wildcard Certificate

edited Jan 15 '18 at 09:42

answered Jan 15 '18 at 09:32

Crypt32

12,850
2
41
70

Can you provide please any ref to the spec or something? – greggyNapalm Jan 15 '18 at 09:36
added ref in edits – Crypt32 Jan 15 '18 at 09:42
You could have Subject Alternative Name components in the cert: https://stackoverflow.com/a/64117202/339052, https://stackoverflow.com/a/16127802/339052 – apa64 Sep 29 '20 at 09:56

Is it possible to have wildcard with SAN entries with `*` in 2nd label in single SSL certificate

1 Answers1

Linked

Related