Ron

Reputation: 513

Wildcard SSL Subdomain forwarding

I have an issue with my website. I have a web service where, when users create an account, they get their own subdomain (for example: john.example.com).

Everything works perfectly as expected, I have a wildcard SSL certificate which works fine when going to:

https://john.example.com/

BUT

If a user enters www.john.example.com Chrome stops the connection to the site and shows an SSL Error stating:

Cannot connect to the real www.john.example.com

Something is currently interfering with your secure connection to www.john.example.com.

Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.

If you were to visit www.john.example.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.john.example.com.

This only happens in Chrome. If I go to the URL www.john.example.com in Firefox or IE the connection completes and the htaccess forwards the user to https://john.example.com, but Chrome isn't giving the server a chance.

How do I fix this for the users?

Will I have to buy another wildcard SSL cert for www.*.example.com?

Upvotes: 0

Views: 342

Answers (2)

Steffen Ullrich

Reputation: 123260

Will I have to buy another wildcard SSL cert for www.*.example.com?

Even if you were able to buy such a certificate, browsers would not accept it. A wildcard is only allowed in the leftmost label, see RFC 6125 section 6.4.3. This means no www.*.example.com and no *.*.example.com, but only *.site.example.com.

Upvotes: 0

user149341

This is an inherent limitation of wildcard SSL certificates — a wildcard component like the * in *.example.com can only replace a single hostname component (like john), not multiple levels (like www.john). You will need to structure your site such that it does not link to these subdomains with a www; or, if it must, that it does so without HTTPS.

It will most likely not be possible for you to obtain a wildcard certificate that is valid for these subdomains. SSL CAs are rarely willing to sign unusual wildcard certificates like the one you're considering (www.*.example.com).

Upvotes: 2
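The matching rule both answers describe, written out as an added example (my code, not from either answer or from any browser): a wildcard is accepted only as the entire leftmost label and stands for exactly one label, so *.example.com covers john.example.com but never www.john.example.com, and a name like www.*.example.com is rejected before any matching happens. The function names are mine; the extra rejection of wildcards that would cover a whole TLD (e.g. *.com) is a common browser restriction added here on top of the RFC 6125 rule.

```python
"""Wildcard certificate name matching in the style of RFC 6125 section 6.4.3."""


def _labels(name: str) -> list[str]:
    # Case-insensitive, ignore a trailing dot, split on label boundaries.
    return name.lower().rstrip(".").split(".")


def is_valid_wildcard_name(pattern: str) -> bool:
    """True if the certificate name is a plain name or an acceptable wildcard."""
    if "*" not in pattern:
        return True
    labels = _labels(pattern)
    # Exactly one '*', it must be the whole leftmost label (so no
    # "www.*.example.com" and no "*.*.example.com"), and at least two
    # labels must follow it so that "*.com" cannot cover an entire TLD.
    return pattern.count("*") == 1 and labels[0] == "*" and len(labels) >= 3


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Does one certificate name (possibly a wildcard) cover this hostname?"""
    if not is_valid_wildcard_name(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    if p[0] != "*":
        return p == h
    # The wildcard replaces exactly one label, never "www.john", so the
    # label counts must agree and every label to the right must be equal.
    return len(p) == len(h) and p[1:] == h[1:]


def hostname_covered(hostname: str, cert_names: list[str]) -> bool:
    """True if any name in the certificate (CN or SAN list) covers hostname."""
    return any(wildcard_matches(n, hostname) for n in cert_names)


if __name__ == "__main__":
    # Constructed certificate name list, as issued for the question's setup.
    cert = ["*.example.com"]
    for host in ["john.example.com", "www.john.example.com", "example.com"]:
        print(f"{host:26} covered={hostname_covered(host, cert)}")
```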
