SAN entries on wildcard certificate

[Guest]

[welshdave]

Hi,

I have a customer that currently has a wildcard SSL certificate for *.domain.com.  They recently acquired another company and are starting to moan that when they go to webmail.doman2.com (which points to the same location) they are getting the obvious invalid SSL message.

In an ideal world they would simply use domain2.domain.com and all would be well but they are asking whether we can allow them to carry on using the domain2.com domain with the SSL certificate

I've tried doing some research and it looks like I need an SSL certificate with SAN entries. Is it possible to add these to my current wildcard SSL certificate or would I need to get a new MDC cert with each subdomain added

i.e
get *.domain.com with SAN entries for webmail.domain2.com, sharepoint.domain2.com
or
get MDC SSL key with SAN entries for webmail.domain.com, sharepoint.domain.com etc...., webmail.domain2.com, sharepoint.domain2.com

thanks for any advice on this

[Sal Amander]

Hi,

I have a customer that currently has a wildcard SSL certificate for *.domain.com.  They recently acquired another company and are starting to moan that when they go to webmail.doman2.com (which points to the same location) they are getting the obvious invalid SSL message.

In an ideal world they would simply use domain2.domain.com and all would be well but they are asking whether we can allow them to carry on using the domain2.com domain with the SSL certificate

I've tried doing some research and it looks like I need an SSL certificate with SAN entries. Is it possible to add these to my current wildcard SSL certificate or would I need to get a new MDC cert with each subdomain added

i.e
get *.domain.com with SAN entries for webmail.domain2.com, sharepoint.domain2.com
or
get MDC SSL key with SAN entries for webmail.domain.com, sharepoint.domain.com etc...., webmail.domain2.com, sharepoint.domain2.com

thanks for any advice on this

Answer:

Code:

get MDC SSL key with SAN entries for webmail.domain.com,
sharepoint.domain.com etc...., webmail.domain2.com, sharepoint.domain2.com

[tbaumann99]

Hi,

it's been now two years. Are there any news about this topic?
We have the same problem like welshdave.

Is there still no way to have a combination between SAN and wildcard certificate?
We just want to have all *.ourdomain.com certified plus time by time some external domains.

The list would look like this:
*.ourDomain1.com
*.ourDomain2.com
shop.externalDomain.com
www.shopExternalDomain.com
etc.

We want to avoid to add each of our subdomains by hand.

Two more points:
* Are there any restrictions which servers support these kind of certificate?
* Is it a problem if extdomain.com already has its own wildcard cert, and we try to certify sub.extdomain.com with our cert?

Thanks for your help.

[SSL Guru]

Hi

You need an MDC SSL as Sal Amander says.

Garry

[Tags:]