Difference between revisions of "Wildcard certificate"
Jump to navigation
Jump to search
↑ Wildcard SSL certificate limitation on QuovadisGlobal.com
↑ https://letsencrypt.org/docs/challenge-types/
↑ https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
| (12 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | Wildcard | + | [[wikipedia:Wildcard certificate]]s |
| + | ==Limitations== | ||
| + | * Only a single level of [[subdomain]] matching is supported in accordance with {{IETF RFC|2818}}.<ref>[https://support.quovadisglobal.com/KB/a60/will-ssl-work-with-multilevel-wildcards.aspx?KBSearchID=10223 Wildcard SSL certificate limitation on QuovadisGlobal.com]</ref> | ||
| + | |||
| + | * [[wikipedia:Wildcard certificate]]s do not valid for <code>*.example.com</code> or <code>www.example.com</code> and <code>example.com</code>. If you need a cert to work for example.com and <code>www.example.com</code>, you need to request a certificate with <code>[[subjectAltNames]]</code> so that you have "example.com" and "*.example.com". | ||
| + | |||
| + | * [[DNS-01 challenge]] must be used to issue/renew wilcard cerfificates, [[HTTP-01 challenge]] is not allowed<ref>https://letsencrypt.org/docs/challenge-types/</ref> only available via [[ACMEv2]] | ||
==Activities == | ==Activities == | ||
| − | * Use <code>[[certbot]]</code> to request a wildcard certificate | + | * Use [[Let's Encrypt]] <code>[[certbot]]</code> to request a wildcard certificate (since [[2018]]<ref>https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579</ref>) |
| + | * Renews your wilcard certificate: <code>[[certbot renew]]</code> | ||
| + | == Related terms == | ||
| + | * RFC 2818 | ||
| + | * [[Wildcard DNS record]] | ||
== See also == | == See also == | ||
* {{HTTPS}} | * {{HTTPS}} | ||
* {{CA}} | * {{CA}} | ||
| − | * {{ | + | * {{TLS}} |
[[Category:IT Security]] | [[Category:IT Security]] | ||
Latest revision as of 08:43, 30 March 2023
wikipedia:Wildcard certificates
Limitations[edit]
- Only a single level of subdomain matching is supported in accordance with Template:IETF RFC.[1]
- wikipedia:Wildcard certificates do not valid for
*.example.comorwww.example.comandexample.com. If you need a cert to work for example.com andwww.example.com, you need to request a certificate withsubjectAltNamesso that you have "example.com" and "*.example.com".
- DNS-01 challenge must be used to issue/renew wilcard cerfificates, HTTP-01 challenge is not allowed[2] only available via ACMEv2
Activities[edit]
- Use Let's Encrypt
certbotto request a wildcard certificate (since 2018[3]) - Renews your wilcard certificate:
certbot renew
Related terms[edit]
- RFC 2818
- Wildcard DNS record
See also[edit]
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL, WebSockets, WebRTC,ssl_certificateQUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure, Axios HTTP client, HTTP cookies, HTTP ETag - CA, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool,certbot(Let's Encrypt),certinfo(Cloudflare), ACME, Boulder,cfssl(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca, Self signed certificate, CSR,keytool, ACM, KMS,aws acm, IdenTrust, multirootca, cert-manager - TLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509,
.pem, SNI, CT, OCSP, Mbed TLS, mTLS, ALPN,your connection is not private, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection
Advertising:
