Forum Discussion

Alen_Ismic_1869's avatar
Alen_Ismic_1869
Icon for Nimbostratus rankNimbostratus
Feb 12, 2015
Solved

Wildcard Certificate

Hello,   I need to set up SSL certificates on multiple subdomains (more than 10) on one domain name. So I actually need Wildcard SSL certificate, and then I choosed Thawte Wildcard SSL certificate...
application delivery
deployment
design
LTM
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Feb 12, 2015

    Assuming all your sub-domains are first-level, you're good to go with the wildcard certificate. Just don't include any sub-domains (SANs) with your purchase requests, you really don't have to, and it might be the reason you received misleading information from them. Any first-level sub-domains will automatically be covered by the wildcard certificate.

     

    With a wildcard certificate, your second-level sub-domains will not be covered (e.g. "https://mysecond.myfirst.maindomain.com"); neither will "https://maindomain.com" be covered.

     

    I recommend reading the information here to learn more about wildcards & sub-domains: https://www.digicert.com/ssl-support/wildcard-san-names.htm

     

Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Feb 12, 2015

Assuming all your sub-domains are first-level, you're good to go with the wildcard certificate. Just don't include any sub-domains (SANs) with your purchase requests, you really don't have to, and it might be the reason you received misleading information from them. Any first-level sub-domains will automatically be covered by the wildcard certificate.

 

With a wildcard certificate, your second-level sub-domains will not be covered (e.g. "https://mysecond.myfirst.maindomain.com"); neither will "https://maindomain.com" be covered.

 

I recommend reading the information here to learn more about wildcards & sub-domains: https://www.digicert.com/ssl-support/wildcard-san-names.htm

 

  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Feb 12, 2015
    It's a good practice to use a wildcard certificate in combination with 1 additional SAN. Below are the details of one certificate which covers all first-level sub-domains as well as the "https://maindomain.com" (no first-level domain specified). The total cost of such solution is the cost of a wildcard certificate + 1 SAN certificate. This is a solution you might want to consider (depending on if you really need the https://maindomain.com to be covered). Certificate Properties Public Key Type RSA Public Key Size 2048 bits Expires Jul 9 14:30:00 2015 GMT Version 3 Serial Number xx:xx:xx:xx:xx:xx:xx Subject Common Name: *.maindomain.com Organization: Division: Domain Control Validated Locality: State Or Province: Country: Issuer Common Name: COMPANY Certification Authority Organizational Unit: COMPANY, Inc. Division: http://COMPANY/repository Locality: COMPANY State Or Province: Arizona Country: US Email Subject Alternative Name DNS:maindomain.com, DNS:*.maindomain.com