A certificate with a CN of *.domain.com does not cover *.blah.domain.com.

On Wed, Apr 11, 2018 at 11:14 AM, Jeremy <[email protected]> wrote:
> We keep failing our PCI compliance over what I believe is an error on
> their side. Our wildcard cert covers *.bluespring.me, which is used on
> multiple servers. They are wanting an exact match to our domain on the CN,
> which is "65-126-126-5.dia.static.bluespring.me". To me, *.bluespring.me
> IS a match. If I change the CN to that specific billing server then it
> will not match the website server. It was my understanding that this is
> the entire point of having a wildcard cert. Anyone else ever gone through
> this? Does their analysis that *.bluespring.me is NOT a match seem right
> to everyone here?
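
The one-label rule stated in the reply above, as an added example that is not part of the original thread: a wildcard is honoured only as the whole left-most label and stands in for exactly one label. The function names are hypothetical and `www.bluespring.me` is a constructed hostname standing in for the website server.

```python
# Added illustration of left-most-label wildcard matching (RFC 6125 style).
# wildcard_matches / cert_covers are hypothetical names, not a library API.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard replaces exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    # Empty labels (for example "a..b") are never valid.
    if "" in p_labels or "" in h_labels:
        return False
    # '*' is only honoured in the left-most label.
    if any("*" in label for label in p_labels[1:]):
        return False
    first = p_labels[0]
    # Partial wildcards such as "f*" are refused in this sketch.
    if first != "*" and ("*" in first or first != h_labels[0]):
        return False
    # Every label to the right of the first must match exactly.
    return p_labels[1:] == h_labels[1:]


def cert_covers(names, hostname):
    """Return the first certificate name that covers `hostname`, else None."""
    for name in names:
        if wildcard_matches(name, hostname):
            return name
    return None


if __name__ == "__main__":
    billing = "65-126-126-5.dia.static.bluespring.me"  # hostname from the thread
    website = "www.bluespring.me"                      # constructed hostname
    for host in (billing, website):
        covered_by = cert_covers(["*.bluespring.me"], host)
        print(f"{host}: {covered_by or 'NOT covered by *.bluespring.me'}")
```
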
