Tags: security, dns, ssl-certificate, wildcard-subdomain

wildcard SSL/TLS certificate for second-level domain rejected by browsers


I'm trying to create a certificate for both test and *.test. I'm using minica to generate it and everything goes well (alt names are added):

X509v3 Subject Alternative Name:
    DNS:*.test, DNS:test

(and the CA certificate is added to the browsers' trusted root certification authorities store), but the certificate is rejected by both Chrome and Firefox.


Solution

  • Although you can create a valid certificate for a second-level domain or even a top-level domain, those certificates won't be respected by browsers for security reasons (i.e. a certificate for *.com would be very dangerous). So even though test is a reserved domain name that can't be registered by any registrar, the certificate will be rejected.

    When you try to do this with mkcert you'll get a pretty nice warning:

    Warning: many browsers don't support second-level wildcards like *.test ⚠️

    Use i.e. app.test + *.app.test instead.
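As an added example (not from the question or answer, and not minica's or mkcert's code), the following Python linter applies the browser rule the answer describes to a SAN line like the one in the question: a wildcard must be the whole leftmost label, must have at least two labels to its right, and those labels must not themselves be a public suffix. The PUBLIC_SUFFIXES set is a constructed, abbreviated stand-in for the real Public Suffix List.

```python
import re

# Constructed, abbreviated stand-in for the Public Suffix List (an assumption of
# this example; browsers ship the full list from publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "net", "org", "test", "localhost", "co.uk"}

def parse_san(text):
    """Extract DNS names from an openssl-style SAN line such as 'DNS:*.test, DNS:test'."""
    return [m.group(1).lower() for m in re.finditer(r"DNS:([^,\s]+)", text)]

def public_suffix_len(labels):
    """Number of trailing labels that form the public suffix (always at least one)."""
    for n in range(len(labels), 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return n
    return 1  # unknown TLD: treat the final label itself as the public suffix

def check_wildcard(name):
    """Return (accepted, reason) mirroring the browser rules for a wildcard SAN."""
    labels = name.lower().split(".")
    if "*" not in name:
        return True, "not a wildcard"
    if labels[0] != "*" or any("*" in l for l in labels[1:]):
        return False, "wildcard must be the entire leftmost label"
    rest = labels[1:]
    if len(rest) < 2:
        return False, "fewer than two labels right of the wildcard"
    if public_suffix_len(rest) == len(rest):
        return False, "wildcard directly under a public suffix"
    return True, "ok"

def matches(san, hostname):
    """RFC 6125 style match: '*' covers exactly one label and never the suffix."""
    if not check_wildcard(san)[0]:
        return False  # a SAN the browser would reject matches nothing
    s, h = san.lower().split("."), hostname.lower().split(".")
    if s[0] != "*":
        return s == h
    return len(s) == len(h) and s[1:] == h[1:]

def lint_san(text):
    """Map every DNS SAN in an openssl SAN line to its (accepted, reason) verdict."""
    return {n: check_wildcard(n) for n in parse_san(text)}

if __name__ == "__main__":
    for name, (ok, why) in lint_san("DNS:*.test, DNS:test").items():
        print(f"{name:15} {'accept' if ok else 'reject'}  ({why})")
```

Running it on the question's SAN line rejects *.test while accepting the plain name test; swapping in the answer's suggestion (app.test + *.app.test) yields two accepted entries.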