I’m noticing that wildcard certs do not support SAN values... is this correct? I’m using the DigiCert utility to generate the CSR with SAN values, however the final cert does NOT have those SAN values. Am I doing something wrong? This seems like a very basic feature to have, so why don’t GoDaddy wildcard certs support SAN values?
Hi @jaysonknight, thanks for posting.
That is correct, Wildcard SSLs do not support SANs. They secure a single domain and all its subdomains.
If you wish to secure all subdomains for multiple domains, it would require multiple wildcard SSLs. If you wish to secure multiple domains, but do not need to secure all subdomains, you might want to consider using a UCC SSL instead.
Thanks for the info. I’m attempting to secure an AD FS installation, and for device registration, it requires that the enterpriseregistration.<domain> be in the SAN. I’ve read quite a few MSFT community posts that point to this being a bug in the implementation, since MSFT’s own documentation says you can use a wildcard cert to secure everything, OR a SAN cert w/ enterpriseregistration.<domain> as a SAN. In this case, enterpriseregistration.<domain> is a subdomain of the main AD FS installation I’m securing. Very frustrating, but this looks to be a MSFT bug.
Np Gary. Is it normal that wildcard certs don’t support SAN values? This is a pilot program we’re running (I’m a solutions architect for a financial technology firm), and our deadline obviously won’t coincide with MSFT fixing this, so my boss has told me we need a solution sooner rather than later. We’d hate to have to go with a competitor. Our security architect is on vacation so I don’t have him to tap for his expertise. Obviously a wildcard should cover *all* of this since the enterpriseregistration subdomain is... well... a subdomain. Unfortunately we have to implement a hybrid device join solution for now, though eventually it’ll be Azure only where it’ll be MSFT-only certs issued by Azure.
Thanks for your promptness in keeping up with this thread...this is why we LOVE GoDaddy.
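Added example, not part of any post above: a Python check that reports whether a hostname is listed explicitly in an issued certificate's SAN entries, is matched only by a wildcard entry, or is not covered at all. The domain example.com, the sample SAN text and the function names are constructed for illustration.

```python
import re

# Constructed sample, in the shape printed by:
#   openssl x509 -in cert.pem -noout -ext subjectAltName
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:*.example.com, DNS:example.com
"""


def parse_dns_sans(text):
    """Return the lowercase dNSName entries found in openssl's SAN text."""
    return [name.lower() for name in re.findall(r"DNS:([^,\s]+)", text)]


def san_covers(pattern, host):
    """Match one SAN entry against one hostname.

    A '*' is honoured only as the whole leftmost label and stands for
    exactly one label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def classify(san_text, host):
    """Return 'explicit', 'wildcard' or 'missing' for host."""
    sans = parse_dns_sans(san_text)
    wanted = host.lower().rstrip(".")
    if wanted in sans:
        return "explicit"   # the name itself is a SAN entry
    if any(san_covers(entry, wanted) for entry in sans):
        return "wildcard"   # matched only through a '*' entry
    return "missing"


if __name__ == "__main__":
    for name in ("example.com",
                 "enterpriseregistration.example.com",
                 "a.b.example.com"):
        print(f"{name}: {classify(SAMPLE_SAN_TEXT, name)}")
```

A result of "wildcard" means the name matches under hostname validation but is not a literal SAN entry, which is the distinction that matters when a service looks for the exact name in the SAN list.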