cloudflared tunnel login a wildcard certificate is generated for all subdomains, *.example.com.
To me this is never a wanted outcome since I don’t want any compromised machine to be able to choose any other domain than what I assign to it.
So far I have manually revoked that cert and created a new one in the origin cert section in the dashboard.
Then I replaced private key and cert in
The only part left is the argo token.
The goal is to make sure the machine only has access to create a tunnel using the specific subdomain and nothing else in case that machine is compromised.
Is it possible to directly specify a specific subdomain so the local installation only has access to create a tunnel for that domain?
Are there other security considerations I need to consider?