Let’s say I have an SSL certificate that is installed on the server for domain example.com. The server is set up to use the same certificate for subdomain sub.example.com; however, the certificate doesn’t cover any subdomains as it has been purchased only for example.com. Now obviously, when I go to sub.example.com, the browser will first complain about the wrong certificate but will allow me to “continue anyway”. When I choose to continue anyway and access sub.example.com via SSL this way, is my connection still secure? If it is less secure than when having a valid certificate, then how much less secure is it, and what aspects of security are compromised?
One of the use cases is for admin panels, etc., which are used only by a couple of developers, so it’s not really a problem if each of them adds a security exception to their browser - but is the transmission still secure?
Mostly. You get encryption but not the guarantee that you are viewing the correct website. Someone could override your network's DNS server and point sub.example.org to any server and the user would never know.
As you mentioned above, you already issued a certificate for a single domain (example.com) and installed it on your server. So, it can secure only your main website and its root domains (web pages).
For example –
* example.com
* example.com/any-web-pages
To secure your subdomains, you need to have a wildcard certificate, and the certificate will be issued for *.example.com. It will secure your example.com and all its subdomains.
Going with “continue anyway” is not the right option to ignore the error, because it’s just a browser setting and only you are able to access your website in that particular browser. But what about end users? They will get a warning message while browsing your site.
Actually, your subdomains are not fully secured, so hackers can interrupt your communications across subdomains.
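Added example (not part of the question or either answer above): a sketch of the name check a TLS client runs against a certificate's subjectAltName DNS entries, which is the check that “continue anyway” skips. The function names and SAN lists are constructed for illustration, and the matching is a simplified form of the RFC 6125 rules.

```python
# Simplified hostname matching against a certificate's SAN dNSName entries.
# Function names and sample data are constructed for this illustration.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if a single dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # with at least two further labels (so "*.com" never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    # No wildcard: every label must be identical. Partial wildcards such
    # as "f*.example.com" are treated as literals and so never match.
    return p == h

def cert_covers(san_dns_names, hostname):
    """Return True if any SAN entry covers the hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)

# Constructed SAN lists for the two certificates discussed in the thread.
SINGLE_NAME_CERT = ["example.com"]
# The bare name is listed explicitly; "*.example.com" on its own matches
# one-label subdomains only.
WILDCARD_CERT = ["*.example.com", "example.com"]

def coverage_table(hostnames):
    """Map each hostname to (covered by single cert, covered by wildcard cert)."""
    return {
        host: (cert_covers(SINGLE_NAME_CERT, host),
               cert_covers(WILDCARD_CERT, host))
        for host in hostnames
    }

if __name__ == "__main__":
    hosts = ["example.com", "sub.example.com", "a.sub.example.com"]
    for host, (single, wildcard) in coverage_table(hosts).items():
        print(f"{host:20} single-name cert: {single!s:5}  wildcard cert: {wildcard}")
```

When this check fails and the user clicks through, the session is still encrypted, but nothing ties the key on the other end to sub.example.com.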