5

I plan on getting a wildcard certificate for my domain like *.example.com, but I've heard varying reports about whether it will also work with second-level subdomains like *.subdomain.example.com -- reports that it works in Firefox but not in other browsers.

If I want it to work with all browsers, will I need to purchase a wildcard certificate for *.subdomain.example.com?

Is there a place for more definitive information on how this works and with what browsers?

scotts

2 Answers

4

Matching in wildcard certificates is done on a level-by-level basis, so if you want a certificate that will work for foo.sub.example.com as well as bar.example.com, you need a certificate that has alt names of both *.sub.example.com and *.example.com. If you wanted to also match baz.xyzzy.example.com you'd then need *.*.example.com (instead of *.sub.example.com). It all gets rather unpleasant, and you'd probably need to have a thorough chat with (and a phat checkbook for) your SSL certificate provider, as I can't imagine it's something they deal with daily.

womble
3

You either need to get separate wildcard certificates for each level, or have your SSL provider put in multiple levels or specific hostnames as SANs in the wildcard certificate for *.example.com (if you can find a provider to do this).

Robert
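
The level-by-level matching described in both answers, as an added example that is not part of the original posts. It assumes RFC 6125-style rules (a `*` is honoured only as the entire leftmost label and stands for exactly one label); the function names and SAN lists are constructed for illustration, and individual clients may apply different rules.

```python
# Added example: RFC 6125-style matching of a hostname against certificate SANs.
# Assumption: "*" is honoured only as the entire leftmost label and stands for
# exactly one label; real clients may apply additional or different rules.

def san_matches(hostname: str, pattern: str) -> bool:
    """Return True if one SAN dNSName pattern covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    # Level by level: label counts must be equal, so a wildcard can never
    # absorb an extra subdomain level.
    if len(host) != len(pat) or "" in host:
        return False
    first, rest = pat[0], pat[1:]
    if any("*" in label for label in rest):
        return False  # wildcard outside the leftmost label is not honoured here
    if first == "*":
        # Assumption: require two fixed labels so "*.com"-style patterns fail.
        return len(rest) >= 2 and rest == host[1:]
    return pat == host


def cert_covers(hostname: str, sans: list[str]) -> bool:
    """A certificate covers hostname if any of its SAN entries matches."""
    return any(san_matches(hostname, s) for s in sans)


# Constructed SAN lists: a plain wildcard certificate, and one that also
# carries the apex name and a second-level wildcard as extra SANs.
SINGLE = ["*.example.com"]
MULTI = ["example.com", "*.example.com", "*.sub.example.com"]

if __name__ == "__main__":
    names = ["bar.example.com", "foo.sub.example.com",
             "example.com", "baz.xyzzy.example.com"]
    for name in names:
        print(f"{name:24} single={cert_covers(name, SINGLE)!s:5} "
              f"multi={cert_covers(name, MULTI)}")
```

Before deploying, the SAN list of an issued certificate can be read with `openssl x509 -noout -text` and checked against every hostname you intend to serve.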