Microsoft CA - Wildcard certificate. Multi Domain yes/no?

Lutz Rahe 61 Reputation points
2020-10-05T07:33:11.923+00:00

Hi

Just a problem

We have a domain CA (a root CA which is offline and a sub CA which is domain joined) based on Windows Server.
An external customer is asking for a wildcard cert.

My question is:
(Please read the domain correctly, I have to format them wrongly, otherwise it will not be shown here)
(asterix).domain.com
(asterix).uat.domain.com
(asterix).prod.domain.co
Are (in this example) uat and prod subdomains included in the wildcard certificate of (asterix).domain.com? Or is the Microsoft CA wildcard ONLY valid for (asterix).domain.com, and if I want to cover (asterix).uat.domain.com too, I will need to include this in the SAN as well?

About this I cannot find any information

Best
Lutz


Accepted answer
  1. Vadims Podāns 9,186 Reputation points MVP
    2020-10-05T07:46:21.93+00:00

    Or is the Microsoft CA wildcard ONLY valid for .domain.com, and if I want to cover *.uat.domain.com too, I will need to include this in the SAN as well?

    It is not Microsoft CA-specific. It is an RFC standard. A wildcard covers only one level, can appear only once in a domain name, and must be the leftmost part of the domain name. That is, *.domain.com:

    will cover:

    • uat.domain.com
    • prod.domain.com

    does not cover:

    • *.uat.domain.com
    • *.prod.domain.com

    You have to include all three names in SAN.

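The matching rule described in the accepted answer, as an added example that is not part of the original thread or any Microsoft code. The function names and the sample host list are constructed for illustration, and the matcher assumes only a whole-label `*` counts as a wildcard.

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """True if a certificate SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h):
        return False
    # The wildcard may only appear in the leftmost label.
    if any("*" in label for label in p[1:]):
        return False
    if "*" in p[0]:
        # Assumption: partial wildcards such as "f*" are rejected.
        if p[0] != "*":
            return False
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def first_match(sans, hostname):
    """Return the first SAN entry that covers hostname, or None."""
    for entry in sans:
        if san_matches(entry, hostname):
            return entry
    return None

# Constructed sample data based on the names used in the thread.
SANS_SINGLE = ["*.domain.com"]
SANS_ALL = ["*.domain.com", "*.uat.domain.com", "*.prod.domain.com"]
HOSTS = [
    "uat.domain.com",
    "prod.domain.com",
    "app.uat.domain.com",
    "app.prod.domain.com",
    "domain.com",
]

if __name__ == "__main__":
    for host in HOSTS:
        single = first_match(SANS_SINGLE, host) or "not covered"
        full = first_match(SANS_ALL, host) or "not covered"
        print(f"{host:22} single SAN: {single:14} three SANs: {full}")
```

The bare name domain.com is not covered by any of the three wildcard entries, because a wildcard always stands for exactly one label.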

1 additional answer

  1. Lutz Rahe 61 Reputation points
    2020-10-06T03:31:01.17+00:00

    Thank you very much
