I am trying to secure a subdomain:
bitbucket.kl.company.com
The certificate is for *.company.com. So I get an error:
bitbucket.kl.company.com uses an invalid security certificate. The certificate is only valid for the following names: *.company.com, company.com, bitbucket-mirror.company.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
The puzzling thing is that some browsers don't complain, and load the page as expected. Is my certificate wrong? Can I order a certificate specifically for bitbucket.kl.company.com, and not use *.company.com?
This is a wildcard certificate and is valid only for third levels such as
name.company.com
and not fourth levels as the desired bitbucket.kl.company.com
You need to use another certificate for either the specific domain name or get a wildcard one for
*.kl.company.com
This is expected behaviour, as @whites11 already pointed out in his answer.
The problem here is: The implementation of wildcard certificate handling is pretty bad and especially quite inconsistent across browser vendors and versions. Don't expect them to work consistently on all platforms.
Yes, you can. You just have to prove the ownership/control of
bitbucket.kl.company.com
to your favorite CA (e.g. Let's Encrypt) and they will issue said TLS certificate to you.
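The single-label wildcard rule described in the answers, as an added example that is not part of the original posts: a minimal name matcher run against the names listed in the question's error message. The function names are hypothetical, and real TLS libraries and browsers apply further checks (IDNs, IP addresses, public-suffix rules).

```python
"""Single-label wildcard matching for certificate DNS names (illustrative)."""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers hostname.

    The wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so it never spans a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required: "*" cannot absorb "bitbucket.kl".
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Simplification (assumption): refuse "*.tld"; compare the rest exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    # Partial or non-left-most wildcards ("b*.x.com", "a.*.com") are refused.
    return "*" not in pattern and p_labels == h_labels


def covering_names(san_names, hostname):
    """List the certificate names that cover hostname (empty list = mismatch)."""
    return [n for n in san_names if name_matches(n, hostname)]


# Names taken from the error message in the question.
CERT_NAMES = ["*.company.com", "company.com", "bitbucket-mirror.company.com"]

if __name__ == "__main__":
    for host in ("bitbucket.kl.company.com", "name.company.com",
                 "company.com", "bitbucket-mirror.company.com"):
        hits = covering_names(CERT_NAMES, host)
        print(f"{host:30} -> {hits or 'no match: certificate name mismatch'}")
    # The wildcard suggested in the first answer does cover the host.
    print(covering_names(["*.kl.company.com"], "bitbucket.kl.company.com"))
```
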