ssl wildcard sub domain www.sub.domain.com

牧云@^-^@ submitted on 2019-12-12 09:58:50

Question


I've purchased a wildcard ssl certificate for *.domain.com. I use:

  • startssl provider for ssl certificate
  • Apache VirtualHost

I want every request to be redirected to HTTPS NO-WWW

I managed to do this:

  • http://sub.domain.com => https://domain.com is ok
  • http://www.sub.domain.com => https://sub.domain.com is ok

BUT

https://www.sub.domain.com => https://domain.com is NOT OK (NET::ERR_CERT_COMMON_NAME_INVALID)

Can you help me?

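# Trailing slash on the target: Redirect appends the rest of the request path,
# so without it /page would become https://sub.domain.compage
<VirtualHost *:80>
 ServerName sub.domain.com
 Redirect permanent / https://sub.domain.com/
</VirtualHost>
<VirtualHost *:80>
 ServerName www.sub.domain.com
 Redirect permanent / https://sub.domain.com/
</VirtualHost>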
Listen 443
<VirtualHost *:443>
 ServerAdmin mail@domain.com
 ServerName sub.domain.com
 ServerAlias www.sub.domain.com
 DocumentRoot  /home/sub.domain.com
 <Directory />
  Options FollowSymLinks
  AllowOverride None
 </Directory>
 <Directory  /home/sub.domain.com>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Order allow,deny
  allow from all
 </Directory>
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
 SSLCertificateFile   /etc/ssl/2__.sub.domain.com.crt
 SSLCertificateKeyFile  /root/sub.domain.com.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

Answer 1:


A wildcard certificate for *.domain.com (first domain sub domain) is not valid for www.sub.domain.com (second level sub domain). You will need a wildcard certificate for *.sub.domain.com.

See SSL Multilevel Subdomain Wildcard




Answer 2:


You might have misunderstood how Wildcard SSL works. Let me elaborate in depth below. A Wildcard SSL certificate works on the asterisk (*). You can assume any sub domain in place of the asterisk.

Example 1: If you have issued SSL certificate *.domain.com, it will secure,

https://domain.com
https://www.domain.com
https://mail.domain.com
https://video.domain.com
https://anything.domain.com

But it won’t secure second level sub-domain.

Example 2: Now if you have issued cert on *.sub.domain.com, it will secure,

https://sub.domain.com
https://mail.sub.domain.com
https://photo.sub.domain.com
https://anything.sub.domain.com

Wildcard SSL issued on *.sub.domain.com will not secure any URLs under Example 1.

Now if you want to secure all the above URLs (Example 1 + 2), then you should go with a Multi Domain Wildcard certificate. It will give you the facility to protect multiple levels of sub-domains with a single certificate.




Answer 3:


Discussing the Wildcard SSL Certificate in detail.

The main function of Wildcard SSL is to secure a website and its unlimited number of sub-domains.

But there are some limitations: you can only secure Level-1 Wildcard domains.

For example, if your Wildcard SSL certificate is for *.domain-name.com, you are allowed to secure Level-1 sub-domains such as

  • blog.domain-name.com
  • login.domain-name.com
  • anything.domain-name.com

Now what if you wish to secure the sub-domain of a particular sub-domain? - This is your case.

And here, the Wildcard SSL for *.domain-name.com will not work. The ultimate solution is, you need to buy a Wildcard SSL Certificate for that particular sub-domain. This is called Second Level sub-domain security.

So if you wish to secure 2nd Level sub-domains of blog.domain-name.com, you need to purchase a wildcard SSL certificate for *.blog.domain-name.com. Now you are allowed to secure the following type of sub-domains:

  • user1.blog.domain-name.com
  • user2.blog.domain-name.com
  • user3.blog.domain-name.com
  • user4.blog.domain-name.com
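
The one-label wildcard rule the answers describe, as an added example (not code from the original post or from Apache): a Python check of which ServerName/ServerAlias values a certificate's names actually cover. The SAN lists are constructed for illustration and the helper names are hypothetical; matching follows the RFC 6125 convention that `*` stands for exactly one left-most label, so a bare domain is covered only when it is listed as its own name.

```python
# Added example: which vhost names does a certificate's name list cover?
# Assumption: simplified RFC 6125 matching (whole-label, left-most wildcard only).

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName pattern covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    if p_labels[0] == "*":
        # Left-most label is the wildcard; every other label must match exactly.
        # Patterns as broad as "*.com" are rejected.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    # A "*" anywhere else is not honoured; otherwise require an exact match.
    return "*" not in pattern and p_labels == h_labels


def cert_covers(san_names, hostname):
    """True if any name in the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in san_names)


def uncovered_hosts(san_names, served_names):
    """Served names that would produce a certificate name-mismatch error."""
    return [h for h in served_names if not cert_covers(san_names, h)]


# Constructed SAN lists (wildcard plus the bare name as a separate entry).
DOMAIN_WILDCARD = ["*.domain.com", "domain.com"]
SUB_WILDCARD = ["*.sub.domain.com", "sub.domain.com"]
# ServerName and ServerAlias from the question's *:443 virtual host.
VHOST_NAMES = ["sub.domain.com", "www.sub.domain.com"]

if __name__ == "__main__":
    for label, sans in (("*.domain.com", DOMAIN_WILDCARD),
                        ("*.sub.domain.com", SUB_WILDCARD)):
        print(label, "does not cover:", uncovered_hosts(sans, VHOST_NAMES))
```

Running the same check against the names in a deployed certificate before adding a ServerAlias catches the mismatch before browsers do.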


Source: https://stackoverflow.com/questions/37924467/ssl-wildcard-sub-domain-www-sub-domain-com
