I need to secure services operating under my root domain (e.g. example.com) and one or more services operating under subdomains of that root domain (e.g. api.example.com, mail.example.com, etc.). I can request single-domain, multi-domain, or wildcard SSL certificates from my university by generating a CSR and specifying my needs.
However, I'm confused as to how I might generate a wildcard CSR that will cover both my root and subdomain FQDNs. That is, if I generate a CSR for *.example.com, it seems like my root domain will no longer be covered.
Therefore, my question is: do I need to generate two CSRs (one wildcard, one single-domain) in order to get the certificates for the domains that I am looking to secure? I realize this might be a very basic question, but please bear with me.
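An added example (not part of the original question): a single CSR can request both the root name and the wildcard by listing them together in the subjectAltName extension, which the shell functions below do with OpenSSL and then read back. The function names, file names and RSA 2048 key choice are assumptions made here, and the issuing CA decides which of the requested names appear in the certificate.

```shell
#!/bin/sh
# Added example, not from the original post.
# make_csr and csr_sans are hypothetical helper names; example.com is a placeholder.

# make_csr DOMAIN OUTDIR
# Writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr. The CSR asks for DOMAIN and
# *.DOMAIN as subjectAltName entries, because a wildcard matches exactly one
# label to the left of the domain and therefore never matches the root itself.
make_csr() {
    domain="$1"
    outdir="$2"
    old_umask=$(umask)
    umask 077    # keep the private key unreadable to other local users
    cat > "$outdir/csr.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $domain

[ v3_req ]
subjectAltName = DNS:$domain, DNS:*.$domain
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$outdir/$domain.key" \
        -out "$outdir/$domain.csr" \
        -config "$outdir/csr.cnf" 2>/dev/null
    status=$?
    umask "$old_umask"
    return "$status"
}

# csr_sans CSRFILE
# Prints the DNS names requested in the CSR, one per line, so the request can
# be checked before it is submitted.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*'
}

# Usage:
#   make_csr example.com . && csr_sans ./example.com.csr
```

Only the .csr file is sent to the CA; the .key file stays on the server that will terminate TLS.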