Difference between revisions of "Wildcard certificate"
Jump to navigation
Jump to search
↑ Wildcard SSL certificate limitation on QuovadisGlobal.com
↑ https://letsencrypt.org/docs/challenge-types/
↑ https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
Tags: Mobile web edit, Mobile edit |
|||
(8 intermediate revisions by one other user not shown) | |||
Line 7: | Line 7: | ||
* [[wikipedia:Wildcard certificate]]s do not valid for <code>*.example.com</code> or <code>www.example.com</code> and <code>example.com</code>. If you need a cert to work for example.com and <code>www.example.com</code>, you need to request a certificate with <code>[[subjectAltNames]]</code> so that you have "example.com" and "*.example.com". | * [[wikipedia:Wildcard certificate]]s do not valid for <code>*.example.com</code> or <code>www.example.com</code> and <code>example.com</code>. If you need a cert to work for example.com and <code>www.example.com</code>, you need to request a certificate with <code>[[subjectAltNames]]</code> so that you have "example.com" and "*.example.com". | ||
+ | * [[DNS-01 challenge]] must be used to issue/renew wilcard cerfificates, [[HTTP-01 challenge]] is not allowed<ref>https://letsencrypt.org/docs/challenge-types/</ref> only available via [[ACMEv2]] | ||
+ | ==Activities == | ||
+ | * Use [[Let's Encrypt]] <code>[[certbot]]</code> to request a wildcard certificate (since [[2018]]<ref>https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579</ref>) | ||
+ | * Renews your wilcard certificate: <code>[[certbot renew]]</code> | ||
− | == | + | == Related terms == |
− | * | + | * RFC 2818 |
+ | * [[Wildcard DNS record]] | ||
== See also == | == See also == | ||
* {{HTTPS}} | * {{HTTPS}} | ||
* {{CA}} | * {{CA}} | ||
− | * {{ | + | * {{TLS}} |
[[Category:IT Security]] | [[Category:IT Security]] |
Latest revision as of 08:43, 30 March 2023
wikipedia:Wildcard certificates
Limitations[edit]
- Only a single level of subdomain matching is supported in accordance with Template:IETF RFC.[1]
- wikipedia:Wildcard certificates do not valid for
*.example.com
orwww.example.com
andexample.com
. If you need a cert to work for example.com andwww.example.com
, you need to request a certificate withsubjectAltNames
so that you have "example.com" and "*.example.com".
- DNS-01 challenge must be used to issue/renew wilcard cerfificates, HTTP-01 challenge is not allowed[2] only available via ACMEv2
Activities[edit]
- Use Let's Encrypt
certbot
to request a wildcard certificate (since 2018[3]) - Renews your wilcard certificate:
certbot renew
Related terms[edit]
- RFC 2818
- Wildcard DNS record
See also[edit]
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool
,certbot
(Let's Encrypt),certinfo
(Cloudflare), ACME, Boulder,cfssl
(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca
, Self signed certificate, CSR,keytool
, ACM, KMS,aws acm
, IdenTrust, multirootca, cert-manager, ca_cert_identifier - TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509,
.pem
, SNI, CT, OCSP, Mbed TLS, ALPN,your connection is not private
, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection
Advertising: