Question: I have a site hosted on a remote server on IIS that has two ‘https’ bindings that are secured with the same SSL certificate. The first binding is https://example.local.com and the second https://www.example.local.com. On my local PC I have added the site (18.104.22.168 example.local.com www.example.local.com) to the Hosts file and added the certificate to the Trusted Root Certification Authorities location.
When creating the certificate, this is the command that I ran in PowerShell:
But when I load the site with the ‘www’ the result is an insecure site.
When I click on the certificate and check the details, I can see that the subject value is:
Answer: As you guessed, this issue is happening because of the certificate. If you want to secure both local.example.com and www.local.example.com, you’d need to issue the certificate with the following:
RFC 6125 details the following:
If a client matches the reference identifier against a presented identifier whose DNS domain name portion contains the wildcard character ‘*’, the following rules apply: The client SHOULD NOT attempt to match a presented identifier in which the wildcard character comprises a label other than the left-most label (e.g., do not match bar.*.example.net).
The wildcard character MUST appear at the very start (left most part) of the DNS name part.
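The matching rule quoted in the answer, as an added example that is not part of the original question or answer: a small Python checker that reports which IIS bindings a certificate's DNS names fail to cover. The name lists are constructed from the two host names in the question, the function names are hypothetical, and rejecting partial-label wildcards and `*.tld` is this sketch's own conservative choice.

```python
# Added example: RFC 6125-style matching of host names against the DNS names
# listed in a certificate. All name lists below are constructed for illustration.

BINDINGS = ["example.local.com", "www.example.local.com"]   # the two IIS bindings

SINGLE_NAME = ["example.local.com"]                          # covers one binding only
BOTH_NAMES = ["example.local.com", "www.example.local.com"]  # one entry per binding
WILDCARD_ONLY = ["*.example.local.com"]                      # covers www, not the parent
PARENT_PLUS_WILDCARD = ["example.local.com", "*.example.local.com"]


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(presented, hostname):
    """Return True if one presented DNS name from the certificate covers hostname."""
    p, h = _labels(presented), _labels(hostname)
    # A wildcard in any label other than the left-most one is never matched
    # (the "bar.*.example.net" case from the RFC text).
    if any("*" in label for label in p[1:]):
        return False
    # '*' stands for exactly one label, so the label counts must be equal.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Assumption of this sketch: refuse "*.tld"-style names outright.
        return len(p) > 2 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial-label wildcards such as "w*" are rejected here
    return p == h


def uncovered(cert_dns_names, hostnames):
    """List the host names that no DNS name in the certificate covers."""
    return [h for h in hostnames
            if not any(dns_name_matches(n, h) for n in cert_dns_names)]


if __name__ == "__main__":
    for label, names in [("single name", SINGLE_NAME), ("both names", BOTH_NAMES),
                         ("wildcard only", WILDCARD_ONLY),
                         ("parent + wildcard", PARENT_PLUS_WILDCARD)]:
        print(f"{label:18} uncovered bindings: {uncovered(names, BINDINGS)}")
```

A certificate issued for only the bare name leaves the `www` binding uncovered, and a wildcard on its own leaves the bare name uncovered, so the certificate needs either both names or the parent name plus the wildcard.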