| Jeff Janner 2007-05-24, 1:18 pm |
| Jon -
This won't work with IE. Microsoft will only recognize a wildcard in the
leftmost element of the DNS name. Most other browsers will accept it however.
The RFC for this is non-specific on the subject, so Microsoft decided to
apply a strict interpretation.
Whereas most browsers will accept *.example.com for foo.example.com,
foo.bar.example.com, ms.foo.bar.example.com, etc., IE will only accept it for
the first case. To get it to work with the other two examples above, you
would need two additional certificates - *.bar.example.com and
*.foo.bar.example.com. Note that by spec, *.example.com is not supposed to
match "example.com". Therefore, *.foo.bar.example.com would not match both
the second and third hostnames above.
In my personal opinion, Microsoft should bring IE in line with the rest of
the browsers out there. Any chance of this happening soon? And being ported
back to IE6?
Jeff Janner
"jon@hibbins.com" wrote:
> As I understand it you can buy a Wildcard SSL certificate for
> *.domain.com
>
> Can you get a certificate for lower domain cover too ?
>
> i.e.
>
> *.*.domain.com
>
> so test.server.domain.com would work or any other combination
>
> Jon
>
>
|