28

I have a wildcard SSL from GoDaddy. When I go here:

https://conciergelive.conciergeliveapp.com/users_session/new

Everything is fine. But when I go here:

https://es.conciergelive.conciergeliveapp.com/users_session/new

I get a security alert. I need the extra subdomain to determine locality. Any ideas why this does not work?

Jeroen
Binary Logic

2 Answers

41

According to RFC 2818 HTTP Over SSL, section 3.1:

Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com

It explains why the name *.conciergeliveapp.com in the certificate matches conciergelive.conciergeliveapp.com but not es.conciergelive.conciergeliveapp.com.

Jcs
  • 3
    The standard (as in standards track RFC) on wildcard certificate matching rules is actually RFC 6125 (section 6.4.3); RFC 2818 has only informational status. https://www.rfc-editor.org/rfc/rfc6125.txt – Daniel Roethlisberger Apr 11 '12 at 17:11
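The matching rule quoted in the answer above, written out as an added example (not code from the original posts). It uses a conservative reading of RFC 6125 section 6.4.3 in which `*` is accepted only as the whole left-most label; `SECOND_CERT` and the helper names are assumptions made for illustration.

```python
def wildcard_matches(pattern, hostname):
    """Return True if a certificate DNS name pattern covers hostname.

    Conservative reading of RFC 6125 section 6.4.3: '*' is honoured only
    as the complete left-most label and stands for exactly one label.
    Public-suffix checks (e.g. rejecting '*.com') are out of scope here.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same label count,
    # and '*' must not stand in for an empty label.
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard anywhere but the left-most label is not honoured.
    if any("*" in label for label in p[1:]):
        return False
    if "*" in p[0]:
        # Partial wildcards such as 'f*' are rejected in this variant.
        if p[0] != "*":
            return False
        return p[1:] == h[1:]
    return p == h


def covering_names(cert_names, hostname):
    """List the certificate names that cover hostname (empty list = alert)."""
    return [name for name in cert_names if wildcard_matches(name, hostname)]


# Constructed name lists built from the hostnames in the question.
CURRENT_CERT = ["*.conciergeliveapp.com"]
SECOND_CERT = ["*.conciergelive.conciergeliveapp.com"]  # hypothetical extra cert
HOSTS = [
    "conciergelive.conciergeliveapp.com",
    "es.conciergelive.conciergeliveapp.com",
]


def coverage(cert_names):
    """Map each host from the question to the cert names that cover it."""
    return {host: covering_names(cert_names, host) for host in HOSTS}


if __name__ == "__main__":
    for label, names in (("current", CURRENT_CERT), ("second", SECOND_CERT)):
        for host, hits in coverage(names).items():
            print(f"{label:8} {host:42} {'OK' if hits else 'NAME MISMATCH'}")
```

The second wildcard covers only the four-label hosts, so it supplements the existing certificate for the three-label host rather than replacing it.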
11

Your SSL cert is really only good for *.conciergeliveapp.com; you will need another SSL cert for *.conciergelive.conciergeliveapp.com.

You can reference the RFC-2818 http://www.ietf.org/rfc/rfc2818.txt

And check out ServerFault for more detail: https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain

Community
Brandon