SSL certificate categorization does not work for sub-domains when the OCS presents a wildcard certificate.