Reputation: 11610
I'm trying to create certificate for both test
and *.test
. I'm using minica
to generate it and everything goes well (alt names are added):
X509v3 Subject Alternative Name:
DNS:*.test, DNS:test
(and CA certificate is added to browsers' trusted root certification authorities store) but the certificate is rejected by both chrome and firefox.
Upvotes: 1
Views: 1146
Reputation: 11610
Although you can create a valid certificate for second-level domain or even top level domain those certificates won't be respected by the browsers for security reasons (i.e. certificate for *.com would be very dangerous). So even though test
is a reserved domain name that can't be registered by any registrar, the certificate will be rejected.
When you try to do this with mkcert
you'll get pretty nice warning:
Warning: many browsers don't support second-level wildcards like *.test ⚠️
Use i.e. app.test
+ *.app.test
instead.
Upvotes: 1