10

Hoping this is the right stack to ask in. If not, please direct me to the correct one.

I am working with a client right now, and I need to know if their SSL certificate supports wildcard domains or not. The engineers on their side aren't aware of the answer, and I'm afraid it will take them too long to find out.

Is there a way to know this or not based on the certificate viewable in the browser?

Geuis
  • 637
  • 3
  • 8
  • 20

2 Answers2

7

the ssl certificate is tied into a domain name - so simply inspect the certificate and if the domain listed is *.domain.com then it is a wildcard - if the domain is domain.com then it is specific to that domain.

l0ft13
  • 181
  • 7
  • Thanks. If I check the certificate on their homepage, its in the format *.domain.com. If I check their login page, the cert appears as login.domain.com. Also, from another https page https://ui.domain.com, the Common Name in the cert is listed as ui.domain.com. So does it mean that all the subdomains are being covered under *.domain.com, or do they have individual certs for each section of their site? – Geuis Aug 17 '12 at 21:07
  • Looks like they have they have one wildcard certificate + some regular certificates –  Aug 17 '12 at 23:04
3

This can be done by checking for the common name in the SSL's subject. You can use the bash command openssl on *NIX clients.

For instance, google.com and www.google.com use two different SSLs. The first is a wildcard, the second is domain specific.

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -subject | grep -o "CN=.*" | cut -c 4-
*.google.com
$ echo | openssl s_client -connect www.google.com:443 2>/dev/null | openssl x509 -noout -subject | grep -o "CN=.*" | cut -c 4-
www.google.com
Steve Robbins
  • 1,932
  • 5
  • 23
  • 26