[liammonahan]

This is cute. Does this have any practical value? You would never get someone to sign it obviously, and for self-signed certs you have no revokability here without reissuing a cert to everything in your domain. Most people with a PKI setup don't need this, right?

This is still very cheeky, though!

[Ayesh]

I suppose you can use such certificate to MITM yourself to inspect the traffic to/from nodes you control, but pretty much every tool out there has features to generate certificates on the fly.

[guenthert]

You mean like HTTP(S) proxies and deep-inspection firewalls?

[Ayesh]

Any software or hardware that needs to intercept HTTPS.

One common example is antivirus software that block malicious content. It can install this wild-wildcard certificate, and act as a proxy to all sites the user visits. There are obvious security issues to it of course.