Understanding Certificate Domain Validation

Certificates bind cryptographic keys to specific domain names. During validation, browsers compare the hostname in the accessed URL with the domains listed in the certificate. Modern certificates list those domains in the Subject Alternative Name (SAN) extension, which supports multiple domains and replaces the deprecated Common Name field. Wildcard certificates match subdomains using *.example.com notation but don't cover multiple subdomain levels.

Examine certificate domains using:

# View certificate domains
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -text | grep -A1 "Subject Alternative Name"

# Using browser DevTools
# Navigate to Security tab → View Certificate → Details → Subject Alternative Name
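
The matching rules described above can be checked offline against a throwaway certificate. This is an added example, not part of the original page: the certificate is constructed for the test, `host_matches` is a hypothetical helper name, `legacy.example.net` is a made-up Common Name, and OpenSSL 1.1.1 or later is assumed (for `-addext`).

```shell
#!/bin/sh
# Added example: builds a constructed self-signed certificate in a temp
# directory and tests hostnames against it. Nothing touches the network.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cert="$workdir/cert.pem"

# The Common Name is deliberately a name that is NOT in the SAN list,
# so the last check shows whether CN is still consulted.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout "$workdir/key.pem" -out "$cert" \
  -subj "/CN=legacy.example.net" \
  -addext "subjectAltName=DNS:example.com,DNS:*.example.com" 2>/dev/null

# host_matches CERT HOSTNAME -> status 0 if the certificate covers HOSTNAME.
# "openssl x509 -checkhost" prints "Hostname H does match certificate" or
# "Hostname H does NOT match certificate"; the result is read from that text.
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

for host in example.com www.example.com a.b.example.com legacy.example.net; do
  if host_matches "$cert" "$host"; then
    echo "$host: covered"
  else
    echo "$host: NOT covered"
  fi
done
```

The bare domain is covered only because it is listed explicitly; the wildcard entry covers `www.example.com` but not `a.b.example.com`, and the Common Name is ignored once SAN DNS entries are present.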