Securing a single website with an SSL certificate is pretty simple.
But, it’s complicated in the case of multi-level subdomains (for eg: new.blog.domain.com).
Here comes the role of the wildcard SSL certificate, one of the security solution for websites with multi-level subdomains.
At Bobcares, we often get requests from our customers to set up “Multi-level subdomain wildcard SSL” as part of our Server Management Services.
Today, we’ll see how our Support Engineers configure “Multi-level subdomain wildcard SSL” and fix the related issues with it.
How to set up Multi-level subdomain wildcard SSL
Let’s see the requirements for setting wildcard SSL on the multi-level subdomain.
We do the following steps.
1. Initially, we access the terminal.
2. Next, we run the command to generate CSR (Certificate Signing Request).
openssl req –new –newkey rsa:2048 –nodes –keyout servername.key –out servername.csr3. Then, we enter the details of the multi-level subdomain (*.*.domain.com), organization, etc.
4. We download the Private Key along with the CSR file.
5. Next, we open the Apache configuration file /etc/httpd/httpd.conf & add the following code to configure.
<VirtualHost x.x.x.x:443>
DocumentRoot /var/www/html
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/intermediate_certificate.crt
</VirtualHost>6. Finally, we restart the services.
That’s how we install the wildcard SSL certificate on the multi-level subdomain.
Top 2 causes & fixes in Multi-level subdomain wildcard SSL
Even after setting up the wildcard SSL certificate in second-level subdomains, we often see some errors.
Let’s see how our Support Engineers solved them.
1. SAN certificate issue
Recently, one of our customers had reported us with a problem regarding wildcard SSL certificate on the multi-level subdomain. After installing wildcard SSL & when he tried to access “https://www.sub.domain.com” it resulted in certificate error(address miss match).
So, we took the following steps to solve the problem.
1. First, we opened the terminal.
2. We run the following command to view the content in human-readable form.
openssl x509 -in certificate.crt -noout -text
3. Next, we navigate to see the SAN field entry X509v3 Subject Alternative Name
4. By analyzing, we found that the SAN field entry was not present for the corresponding subdomain *.sub.domain.com
5. So, we asked them to purchase a new wildcard SAN cert from the Certificate Authority.
Wildcard certificate issued for the multi-level subdomain (*.sub.domain.com) won’t secure the main domain (domain.com) by default. To secure the main domain you need to purchase the SAN certificate.
Now, the user could access the multi-level subdomain without any errors.
2. Multi-level subdomain wildcard not supported in AWS
AWS Certificate manager (ACM) allows to use an asterisk (*) in the domain name to create a wildcard certificate that protects several sites in the same subdomain. For example, *.domain.com protects www.domain.com and images.domain.com.
However, ACM doesn’t support to add two level wildcard domain name. When you try to add, it gives an error like “invalid domain name”.
So, to solve this problem our Technical Team asked the users to purchase SAN certificate on the main domain and add each multi-level subdomain to the same cert.
That’s how our Support Engineers fixed the problems with multi-level subdomain wildcard SSL.
[Having trouble with multi-level subdomain wildcard SSL? We’ll fix it for you.]
Conclusion
To be more precise, with multi-level wildcard SSL certificates securing second-level subdomain becomes easier. Today, we saw the top 2 common errors with it and how our Support Engineers fixed them.
0 Comments