Questions tagged [wildcard]
The wildcard tag has no usage guidance.
37
questions
5
votes
2
answers
1k
views
How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard ssl certificate through my DNS ...
1
vote
1
answer
56
views
Does the CORS asteriks / wildcard include both encrypted and unencrypted origins?
Does the CORS asteriks / wildcard (*) include both encrypted (https) and unencrypted origins (http)? And is the null origin (i.e., when a local file is doing a xmlhttprequest, or within an iframe ...
0
votes
0
answers
2k
views
How to search for any file with a specified extension using Gobuster
A website allocates random file names to uploads and I am trying to enumerate through the folder that the files are uploaded to using Gobuster.
I know the extension of my file type, but not the file ...
9
votes
2
answers
3k
views
Do subdomains of a TLD with mandatory HTTPS require a wildcard certificate?
Many new TLDs have mandatory HTTPS requirements. Is there a way to disable that for subdomains? If not does that mean an expensive wildcard SSL certificate will need to be used with these domains?
So ...
0
votes
0
answers
636
views
How to generate PFX file for Wild Card SSL Certificate using Openssl Command in Linux
I want to generate PFX file for my Wild Card SSL Certificate. I am using below mentioned command to generate the same however getting error message:
openssl pkcs12 -export -out ./star_domain_com.pfx -...
0
votes
0
answers
19
views
Should a wildcard cert. e.g. *.example.com, be accepted to authenticate the root domain not listed as SAN? [duplicate]
(This has been marked a duplicate of SSL Cert for sub.domain.com and www.sub.domain.com, but while it's correct that the answer to this question is present in the answers there, that question is ...
1
vote
1
answer
2k
views
Wildcard Certificates and Client Authentication for Machine Authentication
If a wildcard certificate is provisioned for *.domain.fqdn, and has Client Authentication as a defined usage, does this mean the certificate can be used to essentially impersonate any domain machine?
...
1
vote
2
answers
2k
views
HTTPS IP devices and certificate best practices, why can't I sign a certificate for my local ip device?
I have a IPv4 network behind a pfSense firewall at my small business. We have around 200 IP devices on the network. We have about 30 Axis IP cameras which have MJPG streams embedded into webpages as ...
0
votes
1
answer
295
views
Are all web servers for a domain wildcard certificate supposed to have the same private key?
If I have three web servers that all have the same CSR based on a domain, *.domain.com, does that mean all the servers have the same private key? I know it's a short question, but I am not sure of ...
0
votes
1
answer
444
views
Securing DNS by blocking querys AND responses [Dnscrypt questions]
Visiting facebook.com you will query s.update.fbsbx.com. s.update.fbsbx.com is a CNAME to s.agentanalytics.com. Currently, the only way to block s.agentanalytics.com is to block s.update.fbsbx.com via ...
1
vote
0
answers
5k
views
Creating a PFX File for Wildcard SSL Certificate
I am trying to install a Wildcard SSL Certificate in IIS on Windows Server. It only accepts the .pfx file format for importing & installing an SSL certificate for hosted applications. I got the ....
1
vote
2
answers
2k
views
Why does Access-Control-Allow-Headers: * have no effect?
Although the OPTIONS returns * for Allow-Headers I'm getting the following CORS response.
Access to XMLHttpRequest at 'https://example1.com' from origin 'https://example2.net' has been blocked by ...
2
votes
1
answer
1k
views
How do partial wildcards in subjectAltName dNSName interact with IDNA domains?
For instance if I run IDNA encode bücher.tld you receive xn--bcher-kva.tld. Now imagine the certificate for https://bücher.tld has the following field within subjectAltName: (dNSName, xn--bcher*.tld).
...
1
vote
1
answer
544
views
Workaround for no www.subdomain.domain coverage on wildcard cert [closed]
Edit: Would deleting the www.hungry.example.org DNS record be a good solution if there are no links to it?
I have a domain (example.org) and a subdomain (hungry.example.org). Until recently they had ...
1
vote
1
answer
197
views
Bash wildcards - Manipulate globbing to delete arbitrary files
I am currently auditing a plugin and have the following situation (simplified for example purposes):
<?php
$post_id = false;
$absolute_path = "/var/www/html/wordpress/cache";
$extension = ".min....