是否可以拥有带有通配符证书的有效子子域?
假设我有以下域:
example.com
我有该域的通配符 SSL 证书。 test.example.com 等子域可以正确验证。但是,当我尝试使用像 demo.test.example.com 这样的域时,我在所有主要浏览器中都会收到一条错误消息:
demo.test.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.example.com , example.com
是否可以对“子子域”使用通配符证书?
Say I have the following domain:
example.com
I have a Wildcard SSL certificate for this domain. Subdomains like test.example.com validate properly. However, when I try to use a domain like demo.test.example.com, I get an error message in all major browsers:
demo.test.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.example.com , example.com
Is it possible to use a wildcard certificate for a "sub-subdomain"?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
好吧,你已经证实你不能!原因如下:
来自:http://www.ietf.org/rfc/rfc2818.txt
Well, you've already verified that you can't! Here's why:
From: http://www.ietf.org/rfc/rfc2818.txt
标准不允许通配符在多个级别上工作。但是,您可以将特定的多级子域作为主题备用名称放入通配符证书中,它将起作用。一些证书提供商(如 DigiCert)允许这样做。
The standards don't allow a wildcard to work on multiple levels. However, you can put the specific multilevel subdomain in as a Subject Alternative Name in the wildcard certificate and it will work. Some certificate providers (like DigiCert) allow this.
是的,您可以使用通配符。但它们仅扩展到该级别的子域。
*.example.com适用于test.example.com,但不适用于demo.test.example.com。您必须在证书中指定
*.*.example.com。我不确定这是否会继续与test.example.com一起使用。Yes, you can use wildcards. But they only extend to that level of subdomain.
*.example.comworks fortest.example.combut not fordemo.test.example.com.You would have to specify
*.*.example.comin the certificate. I'm not sure this would continue working withtest.example.com.从技术上讲,您可以在证书中指定以下替代名称,然后它应该可以工作:
我不知道是否有证书颁发机构提供此类证书。
Technically you could specify the following alternative names in the certificate and then it should work:
I don't know if there are certificate authorities that provide such certificates.