12

Can you get an Extended Validation SSL certificate that applies to unlimited subdomains? Does it make technical sense? I'm using Digicert and they said that it wasn't possible to offer such a product.

MikeN
  • 8,442
  • 5
  • 23
  • 18

2 Answers2

10

Zoredache is correct. The EV Guidelines do not allow CAs to issue wildcard EV certificates. It does allow them to add multiple SAN names that can cover different subdomains or different domains and some providers are offering products that take advantage of this, but they are not wildcard certificates, just UC or SAN certificates.

So it is possible to cover "multiple" subdomains with an EV certificate but not "unlimited" subdomains.

Robert
  • 1,575
  • 7
  • 7
  • Somewhere I saw a statement that only TLD domains are possible on SAN, but wikipedia http://en.wikipedia.org/wiki/Extended_Validation_Certificate shows example on SSL.COM, where domains like support.ssl.com. So can I have some third level domain name in SAN or not ? – Radek Nov 11 '14 at 18:49
4

The guidelines seem to explicitly forbid usages of wildcards in EV certs.

http://cabforum.org/EV_Certificate_Guidelines_V11.pdf

Certificate Field subject:commonName (OID 2.5.4.3) or SubjectAlternativeName:dNSName Required/Optional Required Contents This field MUST contain one or more host domain name(s) owned or controlled by the Subject and to be associated with Subject’s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed for EV certificates.

Zoredache
  • 130,897
  • 41
  • 276
  • 420