Micosoft CA - Wildcard certificate. Multi Domain yes/no?

Lutz Rahe 61 Reputation points
2020-10-05T07:33:11.923+00:00

Hi

Just a problem

We have a domain CA (a root CA which is offline and a sub CA which is domain joined) based on windows server .
An external customer is asking for a wildcard cert.

My question is:
(Please read the domain correctly, I have to format them wrongly, otherwise it will not be shown here)
(asterix).domain.com
(asterix).uat.domain.com
(asterix).prod.domain.co
Are (in this example) uat and prod subdomains included in the wildcard certificate of (asterix).domain.com? Or is the Microsoft CA wildcard ONLY vaild for #(asterix).domain.com and if I want to cover (asterix).uat.doman.com" too I will need this to included this into the SAN as well?

About this I cannot find any information

Best
Lutz

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,681 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vadims Podāns 8,856 Reputation points MVP
    2020-10-05T07:46:21.93+00:00

    Or is the Microsoft CA widlcard ONLY vaild for .domain.com and if I want to cover *.uat.doman.com too I will need this to included this into the SAN as well?

    it is not Microsoft CA-specific. It is RFC standard. Wildcard covers only one level and wildcard can appear only once in domain name and must be leftmost part of domain name. That is, *.domain.com:

    will cover:

    • uat.domain.com
    • prod.domain.com

    don't cover:

    • *.uat.domain.com
    • *.prod.domain.com

    You have to include all three names in SAN.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Lutz Rahe 61 Reputation points
    2020-10-06T03:31:01.17+00:00

    Thank you very much

    0 comments No comments