String.Concat ("*.", String.ReplaceFirstMatch (URL.Host, regex(^.*?\.(.*?)$), "\1")) is in list Certificate.SSL.AlternativeCNs
Basically, it does the following:
Take URL.Host and clip off the first string up to the first period: www.google.com = google.com
Pastes a "*." in front of it: *.google.com
Checks it against the the AlternativeCNs string list.
It's not checking for a regex match of the URL.Host to the CN list, but instead does a string match of "*.google.com" = "*.google.com"
Test it by going to https://www.youtube.com
You should be able to get there whereas, it would have blocked before.
I did not think to take the problem the other way round, and to make a wildcard string from the URL.Host instead of trying to match with a list of wildcard strings. It works as expected.
Thank you very much.