HTTPS

Eric Murray ericm at lne.com
Thu Aug 22 17:51:07 PDT 2013


On 08/22/2013 05:25 PM, Adam Back wrote:

> 
> (I really don't think a browser vendor would accept *.com nor
> especially *. as a valid site cert wildcard.  It does get fiddly
> because you also want *.co.uk etc to be invalid but they have some
> built in tables of such things to differentiate a TLD from a
> domain).


About three years ago I looked at that code on WebOS (Palm smart
phones).  The code came from Webkit which is what Google's and Apple's
browsers were based on.

It did not accept *.com, certainly not *., and had some complex logic
to decide what to accept.  I doubt that Mozilla accepts *.com or *. as
well.

Few modern CAs issue certs with wildcards in the CN. Instead they use
the SubjectAlternateName extension which can have multiple entries,
reducing or eliminating the need for wildcards.

Eric
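
The kind of wildcard check discussed in this thread, as an added example that is not part of the original message and is not the WebKit code: it rejects `*.`, `*.com` and `*.co.uk` before any hostname comparison. The function names and the abbreviated `PUBLIC_SUFFIXES` table are assumptions constructed for illustration; real clients ship a full public-suffix table.

```python
# Constructed, abbreviated suffix table (assumption, for illustration only).
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "org.uk"}


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_pattern_acceptable(pattern: str) -> bool:
    """Decide whether a certificate name pattern may be used at all."""
    labels = _labels(pattern)
    if "*" not in pattern:
        return all(labels)                  # plain name: no empty labels
    # Assumption: the wildcard must be the entire leftmost label, used once.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    base = labels[1:]
    if not base or not all(base):
        return False                        # "*" or "*." has no base domain
    if len(base) < 2:
        return False                        # "*.com": base is a bare TLD
    if ".".join(base) in PUBLIC_SUFFIXES:
        return False                        # "*.co.uk": base is a public suffix
    return True


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against one certificate name, wildcard-aware."""
    if not wildcard_pattern_acceptable(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or not all(h):
        return False                        # "*" covers exactly one label
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


if __name__ == "__main__":
    # Constructed sample names.
    for pat, host in [("*.example.com", "www.example.com"),
                      ("*.com", "example.com"),
                      ("*.co.uk", "example.co.uk"),
                      ("*.", "com")]:
        print(f"{pat!r:20} {host!r:20} -> {hostname_matches(pat, host)}")
```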




