As I understand it you can buy a Wildcard SSL certificate for
*.domain.com

Can you get a certificate for lower domain cover too ?

i.e.

*.*.domain.com

so test.server.domain.com would work or any other combination

Jon

[ Post a follow-up to this message ]

Jon -
This won't work with IE.  Microsoft will only recognize a wildcard in the
leftmost element of the DNS name.  Most other browsers will accept it howeve
r.
The RFC for this is non-specific on the subject, so Microsoft decided to
apply a strict interpretation.
Whereas most browsers will accept *.example.com for foo.example.com,
foo.bar.example.com, ms.foo.bar.example.com, etc., IE will only accept it fo
r
the first case.  To get it to work with the other two examples above, you
would need two additional certificates - *.bar.example.com and
*.foo.bar.example.com.  Note that by spec, *.example.com is not supposed to
match "example.com".  Therefore, *.foo.bar.example.com would not match both
the second and third hostnames above.
In my personal opinion, Microsoft should bring IE in line with the rest of
the browsers out there.  Any chance of this happening soon?  And being porte
d
back to IE6?
Jeff Janner

"jon@hibbins.com" wrote:

> As I understand it you can buy a Wildcard SSL certificate for
> *.domain.com
>
> Can you get a certificate for lower domain cover too ?
>
> i.e.
>
> *.*.domain.com
>
> so test.server.domain.com would work or any other combination
>
> Jon
>
>

[ Post a follow-up to this message ]