CNAME restrictions
Reindl Harald
h.reindl at thelounge.net
Tue Aug 4 17:50:08 UTC 2020
Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas:
> On 04.08.20 17:29, Leroy Tennison wrote:
>> I have a situation where, due to the system's location (IP subnet),
>> its DNS
>> name is <webserver>.<internal subdomain>.datavoiceint.com. We have a
>> certificate for *.datavoiceint.com which we prefer to use
>
> wildcard in certificates only covers one level of subdomains, so
> *.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not
> anything under it.
>
> you will have to strip the <webserver> part or get other certificate
proper wildcard certifiocates are looking like this
X509v3 Subject Alternative Name: DNS:*.buildserver.thelounge.net
DNS:*.thelounge.net
DNS:thelounge.net
in other words: you have "*.domain.tld" and "domain.tld" in your SAN
More information about the bind-users
mailing list