1

Is it possible to make a SAN wildcard self-signed certificate for a whole local TLD (.test)?

[ san ]
subjectAltName                  = @alt_names

[ alt_names ]
DNS.1                           = localhost
DNS.2                           = *.test

Then I've added this certificate to the Keychain (macOS), but the browser complains when I try to visit domain.test: it says that the certificate belongs to localhost, but not to domain.test.

1 Answer

2

Yes, this is technically valid according to RFC 6125.

However, many web browsers have decided to reject wildcards on the TLD for security reasons.

See: Can a wildcard SSL certificate be issued for a second level domain? | Information Security Stack Exchange

grawity
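An added example (not from the original post or answer) that contrasts the RFC 6125 wildcard match the answer calls valid with a simplified browser-style rule that rejects a wildcard sitting directly on the TLD. The `*.domain.test` entry, the function names, and the "wildcard needs at least two labels after `*`" rule are assumptions made for illustration; real browsers consult a public-suffix list rather than counting labels.

```python
# Constructed sample: the [ alt_names ] section from the question, plus one
# narrower wildcard (DNS.3) added here for comparison.
SAMPLE_CNF = """
[ alt_names ]
DNS.1 = localhost
DNS.2 = *.test
DNS.3 = *.domain.test
"""

def san_dns_names(cnf_text):
    """Return the DNS.* values from the [ alt_names ] section of an OpenSSL config."""
    names, section = [], None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "alt_names" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.startswith("DNS."):
                names.append(value.lower())
    return names

def rfc6125_match(pattern, host):
    """A '*' as the whole left-most label matches exactly one host label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def wildcard_on_tld(pattern):
    """True when '*' sits directly on a single-label suffix, e.g. '*.test'."""
    labels = pattern.split(".")
    return labels[0] == "*" and len(labels) <= 2

def browser_style_match(pattern, host):
    # Assumption: browser policy modelled as "reject TLD-level wildcards".
    return not wildcard_on_tld(pattern) and rfc6125_match(pattern, host)

def accepting_names(cnf_text, host, matcher):
    """List the SAN entries that the given matcher accepts for this host."""
    return [n for n in san_dns_names(cnf_text) if matcher(n, host)]

if __name__ == "__main__":
    for host in ("localhost", "domain.test", "app.domain.test"):
        print(host, accepting_names(SAMPLE_CNF, host, rfc6125_match),
              accepting_names(SAMPLE_CNF, host, browser_style_match))
```

Running `wildcard_on_tld` over the SAN list before signing a local certificate flags entries such as `*.test` that a browser is likely to ignore even though they are syntactically valid.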