Forum Discussion

Nimbostratus

Feb 12, 2015

Wildcard Certificate

Hello, I need to set up SSL certificates on multiple subdomains (more than 10) on one domain name. So I actually need Wildcard SSL certificate, and then I choosed Thawte Wildcard SSL certificate...

Hannes_Rapp_162
Feb 12, 2015
Assuming all your sub-domains are first-level, you're good to go with the wildcard certificate. Just don't include any sub-domains (SANs) with your purchase requests, you really don't have to, and it might be the reason you received misleading information from them. Any first-level sub-domains will automatically be covered by the wildcard certificate.

With a wildcard certificate, your second-level sub-domains will not be covered (e.g. "https://mysecond.myfirst.maindomain.com"); neither will "https://maindomain.com" be covered.

I recommend reading the information here to learn more about wildcards & sub-domains: https://www.digicert.com/ssl-support/wildcard-san-names.htm

Hannes_Rapp_162

Nacreous

Feb 12, 2015

Assuming all your sub-domains are first-level, you're good to go with the wildcard certificate. Just don't include any sub-domains (SANs) with your purchase requests, you really don't have to, and it might be the reason you received misleading information from them. Any first-level sub-domains will automatically be covered by the wildcard certificate.

With a wildcard certificate, your second-level sub-domains will not be covered (e.g. "https://mysecond.myfirst.maindomain.com"); neither will "https://maindomain.com" be covered.

I recommend reading the information here to learn more about wildcards & sub-domains: https://www.digicert.com/ssl-support/wildcard-san-names.htm

Hannes_Rapp_162
Nacreous
Feb 12, 2015
It's a good practice to use a wildcard certificate in combination with 1 additional SAN. Below are the details of one certificate which covers all first-level sub-domains as well as the "https://maindomain.com" (no first-level domain specified). The total cost of such solution is the cost of a wildcard certificate + 1 SAN certificate. This is a solution you might want to consider (depending on if you really need the https://maindomain.com to be covered). Certificate Properties Public Key Type RSA Public Key Size 2048 bits Expires Jul 9 14:30:00 2015 GMT Version 3 Serial Number xx:xx:xx:xx:xx:xx:xx Subject Common Name: *.maindomain.com Organization: Division: Domain Control Validated Locality: State Or Province: Country: Issuer Common Name: COMPANY Certification Authority Organizational Unit: COMPANY, Inc. Division: http://COMPANY/repository Locality: COMPANY State Or Province: Arizona Country: US Email Subject Alternative Name DNS:maindomain.com, DNS:*.maindomain.com

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Wildcard Certificate

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Wildcard SSL Certificate Deployment on F5 LTM

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating NGINX Certificate Rotation on AWS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS