
Quick remedies to Multi-level subdomain wildcard SSL

by | May 8, 2019

Securing a single website with an SSL certificate is pretty simple.

But it's more complicated in the case of multi-level subdomains (for example, new.blog.domain.com).

This is where the wildcard SSL certificate comes in, as one of the security solutions for websites with multi-level subdomains.

At Bobcares, we often get requests from our customers to set up “Multi-level subdomain wildcard SSL” as part of our Server Management Services.

Today, we’ll see how our Support Engineers configure “Multi-level subdomain wildcard SSL” and fix the related issues with it.

 

How to set up Multi-level subdomain wildcard SSL

Let’s see the requirements for setting wildcard SSL on the multi-level subdomain.

We do the following steps.

1. Initially, we access the terminal.

2. Next, we run the command to generate the CSR (Certificate Signing Request).

openssl req -new -newkey rsa:2048 -nodes -keyout servername.key -out servername.csr

3. Then, we enter the details of the multi-level subdomain (*.*.domain.com), organization, etc.

4. We download the Private Key along with the CSR file.

5. Next, we open the Apache configuration file /etc/httpd/httpd.conf and add the following configuration.

<VirtualHost x.x.x.x:443>
DocumentRoot /var/www/html
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/intermediate_certificate.crt
</VirtualHost>

6. Finally, we restart the services.

That’s how we install the wildcard SSL certificate on the multi-level subdomain.

 

Top 2 causes & fixes in Multi-level subdomain wildcard SSL

Even after setting up the wildcard SSL certificate in second-level subdomains, we often see some errors.

Let’s see how our Support Engineers solved them.

1. SAN certificate issue

Recently, one of our customers reported a problem with a wildcard SSL certificate on a multi-level subdomain. After installing the wildcard SSL, when he tried to access “https://www.sub.domain.com”, it resulted in a certificate error (address mismatch).

So, we took the following steps to solve the problem.

1. First, we opened the terminal.

2. We ran the following command to view the certificate content in human-readable form.

openssl x509 -in certificate.crt -noout -text

3. Next, we looked for the SAN field entry, X509v3 Subject Alternative Name.

4. On analyzing it, we found that there was no SAN field entry for the corresponding subdomain, *.sub.domain.com.

5. So, we asked them to purchase a new wildcard SAN cert from the Certificate Authority.

A wildcard certificate issued for the multi-level subdomain (*.sub.domain.com) won’t secure the main domain (domain.com) by default. To secure the main domain, you need to purchase a SAN certificate.

Now, the user could access the multi-level subdomain without any errors.
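
The SAN check from steps 2 to 4 can be scripted. The following is an added example, not Bobcares' own tooling: it reads the SAN line from `openssl x509 -noout -text` output and reports which hostnames the certificate covers, treating a wildcard as standing for exactly one label. The function names and the sample certificate text are constructed for illustration.

```python
import re

# Constructed sample: the SAN section as printed by
# `openssl x509 -in certificate.crt -noout -text` (not from a real certificate).
SAMPLE_TEXT = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:*.domain.com, DNS:domain.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""


def san_dns_names(openssl_text):
    """Return the DNS entries listed under 'X509v3 Subject Alternative Name'."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", lines[i + 1])]
    return []


def name_matches(pattern, host):
    """Match one SAN entry against a hostname.

    A wildcard is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.domain.com' never covers 'www.sub.domain.com'.
    This function also refuses wildcards with fewer than three labels.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def coverage(openssl_text, hosts):
    """Map each hostname to the SAN entry that covers it, or None."""
    names = san_dns_names(openssl_text)
    return {h: next((n for n in names if name_matches(n, h)), None) for h in hosts}


if __name__ == "__main__":
    hosts = ["www.domain.com", "domain.com", "www.sub.domain.com"]
    for host, entry in coverage(SAMPLE_TEXT, hosts).items():
        print(f"{host:20} {'covered by ' + entry if entry else 'NOT covered'}")
```

A hostname reported as not covered is the one that will trigger the address mismatch error in the browser, and it needs its own entry (for example *.sub.domain.com) in the reissued certificate.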

 

2. Multi-level subdomain wildcard not supported in AWS

AWS Certificate Manager (ACM) allows an asterisk (*) in the domain name to create a wildcard certificate that protects several sites in the same subdomain. For example, *.domain.com protects www.domain.com and images.domain.com.

However, ACM doesn’t support adding a two-level wildcard domain name. When you try to add one, it gives an error like “invalid domain name”.

So, to solve this problem, our Technical Team asked the users to purchase a SAN certificate on the main domain and add each multi-level subdomain to the same cert.

That’s how our Support Engineers fixed the problems with multi-level subdomain wildcard SSL.

 


 

 

Conclusion

In short, multi-level wildcard SSL certificates make securing second-level subdomains easier. Today, we saw the top 2 common errors with them and how our Support Engineers fixed them.
