[Sysadmins] Wildcard certs *.*.domain.tld ?

Nick Hilliard nick at netability.ie
Mon Aug 10 15:27:58 IST 2009


On 10/08/2009 15:21, Paul Reilly wrote:
> I need an SSL cert provider that can provide a wildcard SSL cert capable
> of doing *.*.mydomain.com. I have a wildcard cert from Thawte, but it
> only does *.domain.com. So if someone uses www.*.domain.com it doesn't
> work.
>
> Is anyone aware of providers who can do *.*.domain.com?

Aside from the issue of who might provide *.*., are you sure that this is 
going to be supported on each client ssl lib?  You're depending on these 
libraries performing full glob expansion, and I would be slightly surprised 
to hear that this actually worked.  You can support * using a very simple 
test, but glob expansion is an entirely different matter.

Anyway, if you're getting a new wildcard cert, get *\0.domain.com - much 
more flexible :-)

Nick
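
The "very simple test" for a single `*` mentioned in the message above, as an added example that is not part of the original post or taken from any client SSL library. The function name `hostname_matches` and the sample names are constructed for illustration; the rules assumed are the conservative ones (wildcard is the whole leftmost label, stands for exactly one label, and names with an embedded NUL byte are refused).

```python
def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name `pattern` covers `hostname`.

    No glob expansion: '*' is accepted only as the entire leftmost label
    and stands for exactly one label of the hostname.
    """
    # Refuse embedded NUL bytes: a C-string comparison would stop at the
    # NUL and compare a different name than the one in the certificate.
    if "\x00" in pattern or "\x00" in hostname:
        return False
    if "*" in hostname:
        return False  # the name being checked is never itself a pattern

    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # Empty labels ("a..b", "") are malformed names.
    if any(not label for label in p_labels + h_labels):
        return False
    # A wildcard never spans a dot, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    # '*' outside the leftmost label (e.g. "*.*.domain.com") is refused.
    if any("*" in label for label in p_labels[1:]):
        return False

    first = p_labels[0]
    if first == "*":
        # Require at least two fixed labels so "*.com" is not honoured.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in first:
        return False  # partial wildcards such as "w*" are refused
    return p_labels == h_labels


# Constructed sample names, not taken from any real certificate.
SAMPLES = [
    ("*.domain.com", "www.domain.com"),
    ("*.domain.com", "www.shop.domain.com"),
    ("*.*.domain.com", "www.shop.domain.com"),
    ("*\x00.domain.com", "www.domain.com"),
]

if __name__ == "__main__":
    for pattern, host in SAMPLES:
        print(repr(pattern), repr(host), hostname_matches(pattern, host))
```
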


