Forum Discussion

Nimbostratus

May 05, 2008

Wildcard SSL doesn't handle root domain?

My understanding of this may be lacking, but is there no way for a wilcard ssl certificate to handle the "root" domain? Example: I have a wildcard cert for "*.foo.com". It handles SSL requ...

Altostratus

Aug 19, 2013

Technically, wildcard certs are issued based on the unknown children of a subdomain. Most wildcard certs are issued for 3-part domains (*.domain.com), but it's also very common to see them for 4-part domains (e.g. *.domain.co.uk).

You could use SNI on the VIP and install both the 2-part and 3-part cert, but that's not supported on any version of IE on Windows XP. Your best bet is probably to set up a dummy VIP (port 443) for the 2-part domain name with the appropriate 2-part cert and then redirect all requests to the right 3-part domain.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Wildcard SSL doesn't handle root domain?

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

AFM deny log level

History Current Connections from Local pool Traffic.

Persistent hash iRule

Related Content

iRule http host with wildcard domain

Enriching AFM with public domain Threat Intelligence

Wildcard Parameter signature attack

domain blocking

Use Fully Qualified Domain Name (FQDN) for GSLB Pool Member with F5 DNS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS