All-In-One Multi-Level Sub-Domain SSL

Discussion in 'ISPConfig 3 Priority Support' started by ahrasis, Apr 9, 2021.

  1. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Say, one wants to create multi-level sub-domains, so I was wondering if this type of SSL even exists?

    I know Letsencrypt and few other paid SSL have wildcard feature but I believe it covers only wildcard sub-domains like *.domain.tld, *.sub.domain.tld or *.sub.sub.domain.tld which all can be requested as one cert but is there any out there that covers domain.tld and all of its multi-level sub-domains certifying that the domain and all its sub-domain in which ever level are secure, which may be equivalent to something like *.*.*.domain.tld in one cert?

    I read what RFC says and I also seems to find none sells such SSL cert so far, so if anybody confirm that there is no such thing, I can relieve myself from ever thinking about it. :D
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What is that, offhand? I only know that a few years ago, trying to use a *.domain.tld wildcard cert didn't work for x.y.domain.tld; I don't remember seeing any other option at that time (which doesn't exactly answer your question, but...).
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    There are several as mentioned in stackexchange discussion but RFC 2818 and RFC 6125 are basically what I read because they are the main reference in that discussion.

    *.*.domain.tld SSL certs didn't work, though may be created using openssl, most probably because it is not supported by the browsers due to RFC 6125.

    *.domain.tld also didn't work for x.y.domain.tld.
  4. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Just as I thought - there is no such thing.

Share This Page