Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas: > On 04.08.20 17:29, Leroy Tennison wrote: >> I have a situation where, due to the system's location (IP subnet), >> its DNS >> name is <webserver>.<internal subdomain>.datavoiceint.com. We have a >> certificate for *.datavoiceint.com which we prefer to use > > wildcard in certificates only covers one level of subdomains, so > *.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not > anything under it. > > you will have to strip the <webserver> part or get other certificate
proper wildcard certifiocates are looking like this X509v3 Subject Alternative Name: DNS:*.buildserver.thelounge.net DNS:*.thelounge.net DNS:thelounge.net in other words: you have "*.domain.tld" and "domain.tld" in your SAN _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users