diff --git a/src/client.c b/src/client.c
index 3ab468c..76dc707 100644
--- a/src/client.c
+++ b/src/client.c
@@ -37,6 +37,10 @@ host_config *get_host_config(const char *host) {
 host_config *hc = &config->hosts[i];
 if (hc->type == CONFIG_TYPE_UNSET) break;
 if (strcmp(hc->name, host) == 0) return hc;
+ if (hc->name[0] == '*' && hc->name[1] == '.') {
+ const char *pos = strstr(host, hc->name + 1);
+ if (pos != NULL && strlen(pos) == strlen(hc->name + 1)) return hc;
+ }
 }
 return NULL;
 }
diff --git a/src/necronda-server.c b/src/necronda-server.c
index 0d3802c..321451e 100644
--- a/src/necronda-server.c
+++ b/src/necronda-server.c
@@ -50,14 +50,8 @@ void openssl_init() {
 static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
 const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
 if (servername != NULL) {
- for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
- const host_config *conf = &config->hosts[i];
- if (conf->type == CONFIG_TYPE_UNSET) break;
- if (strcmp(conf->name, servername) == 0) {
- SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
- break;
- }
- }
+ const host_config *conf = get_host_config(servername);
+ if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
 }
 return SSL_TLSEXT_ERR_OK;
 }
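Review bot: The wildcard branch uses `strstr`, which returns the first occurrence of the suffix, so a host that contains the suffix earlier and also ends with it (constructed example: `a.example.com.example.com` against `*.example.com`) is rejected, while a host with an empty leading label (`.example.com`) is accepted. Comparing the tail directly avoids both: `size_t hl = strlen(host), sl = strlen(hc->name + 1);` followed by `if (hl > sl && strcmp(host + hl - sl, hc->name + 1) == 0) return hc;`. Because the wildcard test sits inside the same first-match loop as the exact test, a `*.` entry listed before an exact entry for one of its subdomains shadows that exact entry; since `host` is presumably client-supplied, either try exact names in a first pass or document the ordering requirement in the config. The loop header and the start of get_host_config are outside the hunk.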
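Review bot: `contexts[conf->cert]` is indexed without a range check, and after this change the entry can come from a wildcard match on the client-supplied SNI name rather than only from an exact match. Whether config loading guarantees that every host entry carries a valid `cert` index is not visible here; if it does not, compare `conf->cert` with the number of loaded contexts before calling `SSL_set_SSL_CTX`. A short comment on the fall-through would also help the next reader, e.g. `/* no matching host: keep the default SSL_CTX */`, since the callback returns `SSL_TLSEXT_ERR_OK` in that case as well.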