cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Wildcard carts don’t support SANs

I’m noticing that wildcard cents do not support san values...is this correct? I’m using the digicert utility to generate the CSR with SAN values, however the final cert does NOT have those SAN values. Am I doing something wrong? This seems like a very basic feature to have, so why don’t GoDaddy wildcard cents support SAN values? 

5 REPLIES 5
Moderator
Moderator
Solution

Re: Wildcard carts don’t support SANs

Hi @jaysonknight, thanks for posting.

That is correct, Wildcard SSLs do not support SANs. They secure a single domain and all it's subdomains.

If you wish to secure all subdomains for multiple domains, it would require multiple wildcard SSLs. If you wish to secure multiple domains, but do not need to secure all subdomains, you might want to consider using a UCC SSL instead.

 

Gary - GoDaddy | Community Moderator
24/7 Support | Check System Status

Re: Wildcard carts don’t support SANs

Thanks for the info. I’m attempting to secure an AD FS installation, and for device registration, it requires that the enterpriseregistration.<domain> be in the SAN. I’ve read quite a few MSFT communities posts that point to this being a bug in the implementation, since MSFT’s own documentation says you can use a wildcard cert to secure everything, OR a SAN cert w/ enterpriseregistration.<domain> as a SAN. In this case, enterpriseregistration.<domain> is a subdomain of the main adfs installation I’m securing. Very frustrating, but this looks to be a MSFT bug.

Moderator
Moderator

Re: Wildcard carts don’t support SANs

Thanks for following up @jaysonknight.

Sorry to hear about the trouble you're still having with this. I do hope you're able to find a solution that works for this or if the issue is on Microsoft's end they resolve this.

 

Gary - GoDaddy | Community Moderator
24/7 Support | Check System Status

Re: Wildcard carts don’t support SANs

Np Gary. Is it normal that wildcard certs don’t support SAN values? This is a pilot program we’re running (I’m a solutions architect for a financial technology firm), and our deadline obviously won’t coincide with MSFT fixing this, so my boss has told me we need a solution sooner than later. We’d hate to have to go with a competitor. Our security architect is on vacation so I don’t have him to tap for his expertise. Obviously a wildcard should cover *all* of this since the enterpriseregistration subdomain is..well...a subdomain. Unfortunately we have to implement a hybrid device join solution for now, though eventually it’ll be Azure only where it’ll be MSFT only certs issued by Azure.

 

Thanks for your promptness in keeping up with this thread...this is why we LOVE GoDaddy.

Moderator
Moderator

Re: Wildcard carts don’t support SANs

Hi @jaysonknight.

None of GoDaddy's SSLs have supported both SANs and Wildcards. It might be necessary for you to use multiple SSLs if you both need a Wildcard SSL and the application does not support Wildcard SSLs.

 

Gary - GoDaddy | Community Moderator
24/7 Support | Check System Status