Or is the Microsoft CA wildcard ONLY valid for .domain.com and if I want to cover *.uat.domain.com too I will need to include this in the SAN as well?
It is not Microsoft CA-specific. It is an RFC standard. A wildcard covers only one level, and a wildcard can appear only once in a domain name and must be the leftmost part of the domain name. That is, *.domain.com will cover:
- uat.domain.com
- prod.domain.com

doesn't cover:
- *.uat.domain.com
- *.prod.domain.com

You have to include all three names in the SAN.
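The matching rule from the answer above, written out as an added example (not part of the original posts): it checks hostnames against a SAN list using the one-level, leftmost-label wildcard rule. The hosts app.uat.domain.com and db.prod.domain.com are constructed samples, and rejecting partial-label wildcards such as "u*" is a strictness assumption of this sketch.

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # The wildcard may appear only in the leftmost label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # "*" stands for exactly one non-empty label, so the label
        # counts must be equal and the remaining labels identical.
        return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # assumption: partial-label wildcards are refused
    return p == h


def uncovered(san_list, hostnames):
    """Hostnames that no SAN entry in san_list covers."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_list)]


# Constructed sample data based on the names used in the thread.
WILDCARD_ONLY = ["*.domain.com"]
THREE_NAMES = ["*.domain.com", "*.uat.domain.com", "*.prod.domain.com"]
HOSTS = ["uat.domain.com", "prod.domain.com",
         "app.uat.domain.com", "db.prod.domain.com"]

if __name__ == "__main__":
    for sans in (WILDCARD_ONLY, THREE_NAMES):
        print(sans, "-> not covered:", uncovered(sans, HOSTS))
```

Running the same check over a planned SAN list before submitting the certificate request shows which hostnames would fail name validation. Note that *.domain.com does not cover the bare name domain.com either.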