Having wildcard(*) SSL certificate in common name (CN) issues? Here’s what you can do about it
Are you having issues with your wildcard SSL certificate, or have you seen a message akin to “WILDCARD(*) SSL CERTIFICATE IN COMMON NAME (CN)?” The second half of this question is actually a fairly misleading one because it’s a hyper-specific error that is really just a variant of a more common wildcard SSL error. So, if you have a wildcard SSL certificate installed on your server and you’re running into this issue, keep reading.
This could potentially be, in part, because of an unfortunate tendency by some certificate authorities (CAs) and resellers to mislead a little bit on the wildcard front — or a failure to educate their users about how wildcard SSL certificates truly work. Wildcard SSL certificates are sometimes marketed as securing unlimited subdomains, but that’s only half true — all of the sub-domains have to be on the same level of the URL. A standard wildcard doesn’t secure subdomains at all levels, only the designated one. This is a very important distinction.
What Causes This SSL Common Name Wildcard Error
So, what does this error mean for you and your site? Essentially, it means that the certificate is being installed on higher-level subdomains than the wildcard certificate has been designated for. That’s what creates the WILDCARD (*) SSL CERTIFICATE IN COMMON NAME error. This specific variation of the error occurs in an environment where a Dynamic Invocation Interface (DII) web service java client invoking .NET SOAP web service is operating.
How to Fix the SSL Common Name Wildcard Error on Your Site
The fix is actually pretty simple — you need to list the additional subdomain levels you’d like to encrypt in the SAN fields of your certificate signing request (CSR). Keep in mind that as you go to higher subdomain levels, the complexity of securing them with individual wildcards increases. For instance, if you have two different sub-domains and each has its own (second-level) subdomain, you would need three wildcards to secure everything. One for the first-level sub-domains, and then one each with the first-level subdomain explicitly listed and the wildcard character at the second level of the URL.
Fortunately, there’s a much simpler solution. A multi domain wildcard can consolidate everything on to a single certificate. You list the second- and third-level subdomains you’re securing as wildcard SANs and the certificate can be installed everywhere without generating the aforementioned error.
Just keep in mind that the more sites you’re using the same key pair on, the less secure that key pair becomes. Also, there’s no extended validation (EV) version of the multi domain wildcard. (Such a thing is strictly prohibited by the CA/B Form). But then, there’s no EV version of a standard wildcard, either. So, you probably already knew that.
Need to buy a multi domain wildcard SSL certificate to secure your domain? We’ve got you covered!
Purchase a Multi Domain Wildcard Certificate & Save Up to 84%
We offer the best discount on all types of Multi Domain Wildcard SSL Certificates, including PositiveSSL, Comodo CA, and Sectigo Multi-Domain Wildcard SSL certificates.