Our consul-domain is “cool.com” and we have a service “sometool”, and we have “dev/staging/prod” environments where the service an be deployed. I wanted to use Consul tags for the different environments. Thus the service could be found using the following names:
The issue is we get our certificates issued from CA, and we currently use one certificate for all services, thus we would need a double wildcard cert:
Unfortunately, this is not supported by the CA.
Is there any workaround to this? Can the tag come second?
For e.g. sometool.dev.service.cool.com
Then we could have one certificate *.dev.service.cool.com and that would work across all our services.