David Barnes

Reputation: 2148

Is it possible to have a valid sub-subdomain with a wildcard certificate?

Say I have the following domain:

example.com

I have a Wildcard SSL certificate for this domain. Subdomains like test.example.com validate properly. However, when I try to use a domain like demo.test.example.com, I get an error message in all major browsers:

demo.test.example.com uses an invalid security certificate.

The certificate is only valid for the following names:
  *.example.com , example.com

Is it possible to use a wildcard certificate for a "sub-subdomain"?

Upvotes: 10

Views: 11552

Answers (4)

SjorsH

Reputation: 31

Technically you could specify the following alternative names in the certificate and then it should work:

example.com
*.example.com
*.*.example.com

I don't know if there are certificate authorities that provide such certificates.

Upvotes: 0

Robert

Reputation: 2381

The standards don't allow a wildcard to work on multiple levels. However, you can put the specific multilevel subdomain in as a Subject Alternative Name in the wildcard certificate and it will work. Some certificate providers (like DigiCert) allow this.

Upvotes: 7

mcandre

Reputation: 24592

Yes, you can use wildcards. But they only extend to that level of subdomain.

*.example.com works for test.example.com but not for demo.test.example.com.

You would have to specify *.*.example.com in the certificate. I'm not sure this would continue working with test.example.com.

Upvotes: 4

John Rasch

Reputation: 63435

Well, you've already verified that you can't! Here's why:

From: http://www.ietf.org/rfc/rfc2818.txt

Names may contain the wildcard character * which is considered to match any single domain name
component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

Upvotes: 10
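
The single-component rule quoted from RFC 2818 above, written out as a small matcher. This is an added example, not code from any of the posters and not any browser's actual verifier; the function names are hypothetical, and it assumes a `*` must stand for at least one character, which the quoted text does not specify.

```python
import re


def label_matches(pattern_label, host_label):
    """Match one DNS label; '*' only stands for characters inside this label."""
    # Assumption: '*' consumes one or more characters (not stated in RFC 2818).
    regex = "[^.]+".join(re.escape(part) for part in pattern_label.split("*"))
    return re.fullmatch(regex, host_label, re.IGNORECASE) is not None


def name_matches(pattern, hostname):
    """Compare a certificate name with a hostname, label by label."""
    p_labels = pattern.rstrip(".").split(".")
    h_labels = hostname.rstrip(".").split(".")
    # A wildcard never spans a dot, so the number of labels must be equal.
    # This is why *.example.com cannot cover demo.test.example.com.
    if len(p_labels) != len(h_labels):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def cert_covers(cert_names, hostname):
    """True if any name listed in the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


if __name__ == "__main__":
    # Names from the browser error message in the question.
    wildcard_cert = ["*.example.com", "example.com"]
    # Same certificate with the specific multilevel name added as a SAN,
    # as described in Robert's answer.
    extended_cert = wildcard_cert + ["demo.test.example.com"]

    for host in ("example.com", "test.example.com", "demo.test.example.com"):
        print(host,
              "wildcard only:", cert_covers(wildcard_cert, host),
              "with explicit SAN:", cert_covers(extended_cert, host))
```
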
