I generate my SSL keys via openssl using these commands:
openssl req -passin pass:3a1b -new -key server.key -out server.csr;
cp server.key server.key.org;
openssl rsa -passin pass:3a1b -in server.key.org -out server.key;
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt;
Also, I added my local domain as the Common Name, set to *.localdomain.sweb. But when a user accepts the certificate for the domain www.localdomain.sweb, the domain another.localdomain.sweb also needs to be accepted.
How can I set all subdomains as valid for the certificate when the user accepts the main domain certificate?
The answer is simple: DO NOT USE SELF-SIGNED CERTIFICATES.
Your users' browser is (quite correctly) insisting that they accept an invalid (self-signed/unknown authority) certificate for each domain. This is because the browser has no way of knowing that the certificate they're accepting for www.localdomain.sweb is also valid for another.localdomain.sweb (because there's no valid signing authority attesting to the certificate).
If you acquire a proper certificate signed by a recognized certificate authority (or alternatively establish your own CA and distribute its public key to your clients as a recognized certificate authority) the browser will trust it for all domains in the wildcard, because it's properly signed, and therefore duly authorized (since presumably the CA performed some validation before issuing the certificate).
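The second option in the answer above (your own CA, whose certificate clients import once), sketched as an added example that is not part of the original answer. The CA name, the file names, `pki.cnf`, the validity periods and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: a private CA signs one wildcard certificate.
# Assumed names: "Example Local CA", ca.*, server.*, pki.cnf.

make_ca_and_wildcard() {   # $1 = output directory
    d=$1
    mkdir -p "$d" || return 1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.localdomain.sweb, DNS:localdomain.sweb
EOF
    # CA key + self-signed CA certificate; ca.crt is what clients import.
    openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Local CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key + CSR for the wildcard name (-subj overrides [dn]).
    openssl req -new -config "$d/pki.cnf" \
        -newkey rsa:2048 -nodes -sha256 -subj "/CN=*.localdomain.sweb" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The CA signs the CSR; clients match hostnames against subjectAltName.
    openssl x509 -req -sha256 -days 825 -in "$d/server.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -extfile "$d/pki.cnf" -extensions v3_leaf \
        -out "$d/server.crt" 2>/dev/null || return 1
}

# Succeeds only if server.crt chains to ca.crt AND covers hostname $2.
check_host() {   # $1 = directory, $2 = hostname
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is distributed to clients; `ca.key` stays offline, since anyone holding it can issue certificates those clients will trust. The wildcard covers exactly one label, so a name such as `a.b.localdomain.sweb` is not matched.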