I have a site hosted on a remote server on IIS that has two 'https' bindings that are secured with the same SSL certificate. The first binding is
But when I load the site with the 'www' the result is an insecure site.
When I click on the certificate and check the details, I can see that the subject value is:
CN=*.local.com
and the value under the Subject Alternative Names is:
DNS Name=*.local.com
DNS Name=www.*.local.com
I would guess a simple alteration to the certificate creation command would solve this problem that I am having but I don't know for sure. Any ideas?
CodePudding user response:
As you guessed, this issue is happening because of the certificate. If you want to secure both local.example.com and www.local.example.com, you'd need to issue the certificate with the following:
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "*.local.com","*.example.local.com" -FriendlyName "local_iis_cert" -NotAfter (Get-Date).AddYears(10) -KeyAlgorithm RSA -KeyLength 2048
Unfortunately, it's not possible to create a certificate that can secure www.anything.local.com, however you can include multiple subdomains if you wish by specifying additional *.subdomain.local.com.
RFC 6125 details the following:
If a client matches the reference identifier against a presented identifier whose DNS domain name portion contains the wildcard character '*', the following rules apply:
- The client SHOULD NOT attempt to match a presented identifier in which the wildcard character comprises a label other than the left-most label (e.g., do not match bar.*.example.net).
The wildcard character MUST appear at the very start (left-most part) of the DNS name part.
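To make the RFC 6125 rule concrete, here is a small hostname matcher (added example, not code from the question or the answer) that applies the left-most-label wildcard rule to SAN dNSName entries. The SAN list and hostnames are constructed to mirror the certificate in the question; `www.*.local.com` is rejected as a pattern, while `*.local.com` covers `www.local.com` but not `www.app.local.com`.

```python
"""Match hostnames against certificate dNSName entries per RFC 6125 6.4.3.

Added example for this thread, not part of the original post. The SAN list
below is constructed from the certificate details shown in the question.
"""


def dns_name_matches(presented: str, reference: str) -> bool:
    """Return True if a presented identifier (SAN dNSName) matches the
    reference identifier (the hostname the client connected to)."""
    p_labels = presented.lower().rstrip(".").split(".")
    r_labels = reference.lower().rstrip(".").split(".")

    # RFC 6125: a wildcard is honoured only in the left-most label, so a
    # pattern such as "www.*.local.com" can never match anything.
    if any("*" in label for label in p_labels[1:]):
        return False
    # Partial wildcards ("w*w.local.com") are commonly rejected by clients;
    # this matcher treats them as non-matching as well.
    if "*" in p_labels[0] and p_labels[0] != "*":
        return False
    # "*" stands for exactly one label, so label counts must be equal
    # (this is why "*.local.com" does not cover "www.app.local.com").
    if len(p_labels) != len(r_labels):
        return False
    # Refuse to let "*" cover a whole registered domain such as "*.com".
    if p_labels[0] == "*" and len(p_labels) < 3:
        return False
    return all(p == "*" or p == r for p, r in zip(p_labels, r_labels))


def certificate_covers(san_dns_names, hostname: str) -> bool:
    """True if any dNSName in the certificate's SAN matches the hostname."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names)


# Constructed sample mirroring the SAN entries shown in the question.
SAN_FROM_QUESTION = ["*.local.com", "www.*.local.com"]

if __name__ == "__main__":
    for host in ["www.local.com", "www.app.local.com", "local.com"]:
        print(f"{host:20} covered: {certificate_covers(SAN_FROM_QUESTION, host)}")
```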