Reputation: 11610
wildcard SSL/TLS certificate for second-level domain rejected by browsers
I'm trying to create certificate for both test and *.test. I'm using minica to generate it and everything goes well (alt names are added):
X509v3 Subject Alternative Name:
DNS:*.test, DNS:test
(and CA certificate is added to browsers' trusted root certification authorities store) but the certificate is rejected by both chrome and firefox.
Upvotes: 1
Views: 1146
Answers (1)
Reputation: 11610
Although you can create a valid certificate for second-level domain or even top level domain those certificates won't be respected by the browsers for security reasons (i.e. certificate for *.com would be very dangerous). So even though test is a reserved domain name that can't be registered by any registrar, the certificate will be rejected.
When you try to do this with mkcert you'll get pretty nice warning:
Warning: many browsers don't support second-level wildcards like *.test ⚠️
Use i.e. app.test + *.app.test instead.
Upvotes: 1
Related Questions
- wildcard certificate does not work for sub-domain
- Browser Support for Wildcard Certificates
- SSL for sub domain without wildcard
- Wildcard cert installed in Apache but subdomain fails browser check
- Wildcard certificate not valid for mydomain.com
- Use a wildcard ssl cert to sign other certs
- Is it possible to have a valid sub-subdomain with a wildcard certificate?
- Hosting subdomains separately with and without SSL while using a wildcard certificate
- ssl self signed wildcard certificate on sub domain - internet explorer and chrome cannot display page
- wildcard SSL certificate generates error when no subdomain is used