  1. In AWS ACM I have a public certificate which covers example.com and *.example.com.
  2. Our client requires a unique/separate certificate for the subdomain test.example.com.
  3. To solve this I have created another ACM public certificate with the domain name test.example.com.
  4. Added a subdomain "A" certificate with the domain name test.example.com under the Route 53 records in the hosted zone for the example.com domain.

Question: In the above scenario, which certificate will have more priority: the one created with the domain name test.example.com or *.example.com?

Follow-up: How do I validate the certs (to make sure which cert the domain name is currently using)?

1 Answer

The more specific one should always be used, which is test.example.com. To test that, you can use any browser, or curl if you want:

curl -Ivv https://test.example.com 2>&1 | grep "subject"

It should give something like the following when the cert for test.example.com is used:

subject: CN=test.example.com

Otherwise it would be:

subject: CN=*.example.com
Marcin
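
As an added example (not part of the answer above): a Python check that classifies whether the certificate a server presents covers the hostname by an exact name or by a wildcard, reading the subjectAltName entries as well as the subject CN. The two certificate dicts are constructed samples in the shape `ssl.SSLSocket.getpeercert()` returns, the function names are this example's own, and `fetch_cert` does the live lookup and needs network access.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate the server presents for `host` (sent as SNI)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """Collect the subject CN and the DNS subjectAltName entries from a getpeercert() dict."""
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans


def match_kind(host, cert):
    """Classify how `cert` covers `host`: 'exact', 'wildcard' or 'none'."""
    host = host.lower().rstrip(".")
    cn, sans = cert_names(cert)
    names = [n.lower() for n in (sans or cn)]  # SANs take precedence over the CN
    if host in names:
        return "exact"
    parent = host.partition(".")[2]
    # A wildcard covers exactly one label: *.example.com matches test.example.com,
    # but not a.test.example.com.
    if parent and "*." + parent in names:
        return "wildcard"
    return "none"


# Constructed sample data (not real certificates), shaped like getpeercert() output.
DEDICATED = {"subject": ((("commonName", "test.example.com"),),),
             "subjectAltName": (("DNS", "test.example.com"),)}
WILDCARD = {"subject": ((("commonName", "example.com"),),),
            "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}

if __name__ == "__main__":
    for label, cert in (("dedicated", DEDICATED), ("wildcard", WILDCARD)):
        print(label, cert_names(cert), match_kind("test.example.com", cert))
    # Live check (needs network): match_kind(h, fetch_cert(h)) with h = "test.example.com"
```

A certificate that covers both example.com and *.example.com carries only one of those names in its CN, so the SAN list is the reliable place to tell the two certificates apart.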