Groups | Search | Server Info | Login | Register
Groups > comp.protocols.dns.bind > #16048
| From | Reindl Harald <h.reindl@thelounge.net> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: CNAME restrictions |
| Date | 2020-08-04 19:50 +0200 |
| Organization | the lounge interactive design |
| Message-ID | <mailman.800.1597048674.942.bind-users@lists.isc.org> (permalink) |
| References | <YQXPR01MB38780C7AAD14F0009B63741CCD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <YQXPR01MB3878DEDA813E42EE01166478CD4A0@YQXPR01MB3878.CANPRD01.PROD.OUTLOOK.COM> <20200804173448.GA10336@fantomas.sk> <cfca2c4e-9bd2-b4d7-3b2e-eaf7365f7afa@thelounge.net> |
Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas: > On 04.08.20 17:29, Leroy Tennison wrote: >> I have a situation where, due to the system's location (IP subnet), >> its DNS >> name is <webserver>.<internal subdomain>.datavoiceint.com. We have a >> certificate for *.datavoiceint.com which we prefer to use > > wildcard in certificates only covers one level of subdomains, so > *.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not > anything under it. > > you will have to strip the <webserver> part or get other certificate proper wildcard certifiocates are looking like this X509v3 Subject Alternative Name: DNS:*.buildserver.thelounge.net DNS:*.thelounge.net DNS:thelounge.net in other words: you have "*.domain.tld" and "domain.tld" in your SAN
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: CNAME restrictions Reindl Harald <h.reindl@thelounge.net> - 2020-08-04 19:50 +0200
csiph-web