通配符 SSL 证书可以在没有子域的情况下工作吗?
[英]Would a wildcard SSL Certificate work without a sub-domain?
问题描述
We have to update our SSL certificate for an other year with a new COMODORS certificate.
我们必须使用新的 COMODORS 证书更新一年的 SSL 证书。
We've had a old certificate (GeoTrust) with *.domain.ch which is correct from the naming aspect but expired from the date.我们有一个带有*.domain.ch的旧证书 (GeoTrust),它在命名方面是正确的,但从日期开始就过期了。
Now we've falsely made one with *domain.ch without the first dot.现在我们错误地使用*domain.ch制作了一个没有第一个点的文件。 This should be a wildchart certificate for our domain.ch.这应该是我们 domain.ch 的通配符证书。 Will this work or can this be the problem for server not starting after this SSL certificate update?这会起作用还是可能是此 SSL 证书更新后服务器无法启动的问题?
2 个解决方案
解决方案1
0 已采纳 2017-10-23 10:08:12
No it will not work.不,它不会工作。 This certificate will match against wwwdomain.ch but not www.domain.ch.此证书将与 wwwdomain.ch 匹配,但不与 www.domain.ch 匹配。 But, no public CA should issue such a certificate in the first place since you could this way impersonate foo-domain.ch etc, ie domains which don't belong to you.但是,任何公共 CA 都不应该首先颁发这样的证书,因为您可以通过这种方式模拟 foo-domain.ch 等,即不属于您的域。
解决方案2
0 2017-10-23 10:51:11
If this certificate is in a pipeline to get issue then it won't get issued.如果此证书正在发行的管道中,则不会颁发。 If got issued erroneously then you have to re-issue the certificate from the vendor or the CA as the *domain.ch won't work.如果被错误地颁发,那么您必须重新颁发来自供应商或 CA 的证书,因为 *domain.ch 将不起作用。
can this be the problem for server not starting after this SSL certificate update?这可能是此 SSL 证书更新后服务器无法启动的问题吗?
Server won't start as there is a mismatch in the domain name服务器无法启动,因为域名不匹配
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.