Subdomain and wildcard certificate

  • Question

  • Hi,

    I received a wildcard certificate for "*".

    The production environment has a DC with domain

    The QA environment has a DC with domain myQAEnv

    In the QA environment, I have a webserver I need to expose to the internet and use the wildcard certificate to enable HTTPS. The webserver IP address is in the form 10.x.x.x which I think is a private address.

    I'm a developer, so I have some doubts on this:

    -The wildcard certificate is issued to a DNS domain and has nothing to do with the internal organization DC domain name, right?

    -Can I use that wildcard certificate "*" to secure my QA webserver as long as I have the webserver with a public IP address corresponding to a DNS name in the form

    -Does the "www"  belong to the wildcard? I mean the wildcard certificate "*" can be used for "" or should I have a wildcard certificate with "*.*" for that matter?

    Thank you so much,


    Wednesday, June 28, 2017 9:14 AM

All replies

  • Your question really has nothing to do with the subject of the forum where you posted, however, let's give it a go.

    A wildcard certificate secures a DNS domain and ANY subdomains of it.

    * is valid for including and even

    "*" means all.  Or in this case; all prior to ""

    You MUST have DNS name resolution working.  That is critical.  And a DNS record can point to any IP (the IP is simply where the server is, the name matters for the certificate to be considered valid).

    Also, by default, client machines must have the root CA - so for self-generated certificates, you need to share the root CA certificate to all clients.  Or else only the one client where you generated the certificate will be able to consider it valid.

    Brian Ehlert
    Learn. Apply. Repeat.

    Wednesday, June 28, 2017 3:57 PM
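
For checking which hostnames a wildcard name covers, here is an added example (not part of the thread) that applies the matching rule from RFC 6125, section 6.4.3: "*" is honoured only as the whole left-most label and stands for exactly one label. The example.com names and SAN lists are constructed placeholders, and the function names are hypothetical.

```python
# Added example: constructed names, conservative RFC 6125 section 6.4.3 matching.

def name_matches(san: str, hostname: str) -> bool:
    """Match one certificate dNSName entry against the hostname a client requested."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    first, rest = san_labels[0], san_labels[1:]
    # "*" is only honoured in the left-most label; "*.*.example.com" never matches.
    if any("*" in label for label in rest):
        return False
    if first == "*":
        # Conservative choice in this sketch: require at least two labels after
        # the wildcard, so "*" and "*.com" are refused.
        return len(rest) >= 2 and rest == host_labels[1:]
    if "*" in first:
        return False  # partial wildcards such as "w*" are refused here
    return san_labels == host_labels


def covering_name(san_list, hostname):
    """Return the first SAN entry that covers hostname, or None if none does."""
    for san in san_list:
        if name_matches(san, hostname):
            return san
    return None


WILDCARD_ONLY = ["*.example.com"]                       # constructed SAN list
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]   # constructed SAN list

if __name__ == "__main__":
    hosts = ("www.example.com", "qa.example.com", "example.com",
             "www.qa.example.com", "10.1.2.3")
    for host in hosts:
        print(f"{host:20} wildcard only: {covering_name(WILDCARD_ONLY, host)!s:15} "
              f"with apex SAN: {covering_name(WILDCARD_PLUS_APEX, host)}")
```

The client compares the name it connected to, not the server's IP address, so a private 10.x.x.x address behind a public DNS name does not affect the match.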