I've purshase a wildcard ssl certificat for *.domain.com. I use:
- startssl provider for ssl certificat
- Apache VirtualHost
I want every request to be redirected to HTTPS NO-WWW
I managed to do this:
- http://sub.domain.com => https://domain.com is ok
- http://www.sub.domain.com => https://sub.domain.com is ok
BUT
https://www.sub.domain.com => https://domain.com is NOT OK (NET::ERR_CERT_COMMON_NAME_INVALID)
Can you help me ?
<VirtualHost *:80>
ServerName sub.domain.com
Redirect permanent / https://sub.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.sub.domain.com
Redirect permanent / https://sub.domain.com
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerAdmin mail@domain.com
ServerName sub.domain.com
ServerAlias www.sub.domain.com
DocumentRoot /home/sub.domain.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/sub.domain.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.sub.domain.com.crt
SSLCertificateKeyFile /root/sub.domain.com.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
A wildcard certificate for *.domain.com (first domain sub domain) is not valid for www.sub.domain.com (second level sub domain). You will need a wilcard certificate for *.sub.domain.com.
You might have misconstrued about Wildcard SSL functionality. Let me elaborate below in depth, Wildcard SSL certificate works on asterisk (*). You can assume of any sub domain in the place of asterisk.
Example 1: If you have issued SSL certificate *.domain.com, it will secure,
https://domain.com
https://www.domain.com
https://mail.domain.com
https://video.domain.com
https://anything.domain.com
But it won’t secure second level sub-domain.
Example 2: Now if you have issued cert on *.sub.domain.com, it will secure,
https://sub.domain.com
https://mail.sub.domain.com
https://photo.sub.domain.com
https://anything.sub.domain.com
Wildcard SSL issued on *.sub.domain.com will not secure any URLs under Example 1.
Now if you want to secure all the above URLs (Example 1 + 2), than you should go with Multi Domain Wildcard certificate. It will give you a facility to protect multiple level sub-domains with single certificate.
Discussing about Wildcard SSL Certificate in details.
The main function of Wildcard SSL is to secure website and its unlimited number of sub-domains.
But there are some limitation, you can only secure Level-1 Wildcard domains.
For Example if your Wildcard SSL certificate is for *.domain-name.com, you are allowed to secure Lelve-1 sub-domains as
- blog.domain-name.com
- login.domain-name.com
- anything.domain-name.com
Now What if you wish to secure the sub-domain of a particular sub-domain? - This is your case.
And here, the Wildcard SSL for *.domain-name.com will not work. The ultimate solution is, you need to but Wildcard SSL Certificate for that particular sub-domain. This is called Second Level sub-domain security.
So if you wish to secure 2nd Level sub-domains of blog.domain-name.com, you need to purchase wildcard SSL certificate for *.blog.domian-name.com. Now you are allowed to secure following type of sub-domains as..
- user1.blog.domain-name.com
- user2.blog.domain-name.com
- user3.blog.domain-name.com
- user4.blog.domain-name.com
来源:https://stackoverflow.com/questions/37924467/ssl-wildcard-sub-domain-www-sub-domain-com