DNS resolution and SSL coverage for multi level subdomain wildcard

What is the name of the domain?

https://aa.bb.cc.ezfacility.com/

What is the error message?

net::ERR_CERT_COMMON_NAME_INVALID

What is the issue you’re encountering?

DNS is resolving and SSL does not cover the domain. Reported by the ASV scanner as a vulnerability.

What steps have you taken to resolve the issue?

Opened support case.

What are the steps to reproduce the issue?

We have a wildcard CNAME record in DNS for *.ezfacility.com. This is required for our application.
Go to https://aa.bb.cc.ezfacility.com in a browser and get a certificate warning. Note this is a multi-level subdomain.
Confirm the warning, and the final page displayed is the “403 Forbidden, cloudflare” page.

Our ASV picked a random multi level subdomain and marked it as a vulnerability. I chose aa.bb.cc at random–anything will trigger the same behavior.
Ideally only *.ezfacility.com would resolve in DNS, not *.*.*.ezfacility.com.

Then you need to create individual records instead of a wildcard.

Sounds like what I want is not possible. It would not be viable to guess all of the random combinations, and I’m forced to use the wildcard per our app. For now I’ll just cover the multi-level domain that was randomly chosen and mark the vulnerability as solved.
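The mismatch behind this thread is that a DNS wildcard matches names at any depth, while a certificate wildcard matches exactly one label. The following is an added example, not code from the thread or from Cloudflare, implementing both matching rules (browser-style certificate matching per RFC 6125, and a simplified RFC 4592 DNS wildcard) against constructed SAN lists for ezfacility.com:

```python
# Added example (not from the thread): why a DNS wildcard resolves
# aa.bb.cc.ezfacility.com but a *.ezfacility.com certificate does not cover it.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Browser-style SAN dNSName matching (RFC 6125 section 6.4.3 subset):
    case-insensitive, '*' only as the entire left-most label, the wildcard
    consumes exactly one label, and at least two fixed labels must follow."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    # The wildcard stands in for one label only; everything else must match.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def certificate_covers(san_names, hostname: str) -> bool:
    """True if any dNSName in the certificate's SAN list covers hostname."""
    return any(dns_name_matches(name, hostname) for name in san_names)


def wildcard_dns_matches(wildcard_owner: str, qname: str) -> bool:
    """Simplified RFC 4592 wildcard: *.zone synthesises an answer for any
    name below zone at any depth (closer-encloser rules are ignored here)."""
    base = wildcard_owner.lower().rstrip(".")
    q = qname.lower().rstrip(".")
    if not base.startswith("*."):
        return False
    return q.endswith(base[1:]) and q != base[2:]


# Constructed SAN lists (assumptions, not the site's real certificate).
WILDCARD_ONLY = ["ezfacility.com", "*.ezfacility.com"]
# The workaround from the last post: add the exact multi-level name as a SAN.
WITH_EXACT_NAME = WILDCARD_ONLY + ["aa.bb.cc.ezfacility.com"]
```

Adding the exact name only covers that one hostname; any other randomly chosen multi-level name still fails certificate matching while still resolving in DNS.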

