Reputation: 22193
Browser Support for Wildcard Certificates
is there a limit to what browser versions support wildcard ssl certificates?
I can't find a valid resource that tells me if there only has been support for it since version x.
I can only find a list of browsers/servers that support Server Name Indication here. Browser Support Digicert But that is the problem of older browsers not sending the name of the virtual domain as part of the TLS negotiation.
Upvotes: 1
Views: 1735
Answers (1)
Reputation: 123260
Support for wildcards in browsers is very old and was already defined in the RFC, which defined how to to certificate validation with https (RFC2818 from 2000). Early implementations were less strict than they are now, e.g. they supported multiple wildcards (like www.., now: only single wildcard in leftmost label of hostname) and allowed wildcards in xn-- labels (e.g. international names, RFC6125 forbids this https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3).
Support for verifying the hostname in script languages or command line tools came later and is often incomplete or wrong even today (e.g. like accepting multiple wildcards or only looking into common name part). Lots of tools do not check hostname at all.
Upvotes: 2
Related Questions
- wildcard certificate does not work for sub-domain
- wildcard SSL/TLS certificate for second-level domain rejected by browsers
- SSL for sub domain without wildcard
- Is it possible to have a wildcard in the middle of a sub/sub-subdomain etc?
- ssl wildcard sub domain www.sub.domain.com
- It it possible to use wildcard certificate to sign subdomain certificate?
- Use a wildcard ssl cert to sign other certs
- Is it possible to have a valid sub-subdomain with a wildcard certificate?
- Wildcard SSL Certificate for subdomains / sub.sub.domain.com
- Hosting subdomains separately with and without SSL while using a wildcard certificate