Last but not least, AFAIK the wildcard scheme is an old proprietary Netscape invention and is not really standardized, so some clients might not understand it.
From RFC 2595 (Using TLS with IMAP, POP3 and ACAP), Section 2.4, Server Identity Check:
A "*" wildcard character MAY be used as the left-most name
component in the certificate. For example, *.example.com would
match a.example.com, foo.example.com, etc. but would not match
example.com.
It is unclear, though likely, that this is specific to SubjectAltName (vs. SubjectDN), but I think I've seen other similarly worded RFCs explicitly mention the SubjectDN.
However, I agree. SubjectAltName (dNSName type) is a better idea. The problem is that you have to get the CA to support it.
-andy
courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
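The matching rule quoted from RFC 2595 above, written out as a small checker. This is an added example, not code from the original post or from Courier: it takes the names already extracted from a certificate (the subjectAltName dNSName entries and the subject CN, constructed inline here as sample data) and applies the section 2.4 rule. Treating "*" as standing for exactly one label, so that *.example.com matches a.example.com but not a.b.example.com, is an assumption; the RFC text only gives single-label examples. Preferring dNSName entries over the CN follows the same section, and the function and parameter names are my own.

```python
"""RFC 2595 section 2.4 style server identity check (added example)."""


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against the hostname the client expected.

    Rules, following the RFC 2595 text quoted in the post:
      * comparison is case-insensitive;
      * "*" is honoured only as the entire left-most label ("*.example.com"),
        never inside a label ("f*.example.com") or further right;
      * the wildcard never matches the bare base name ("example.com").
    Assumption (not stated in RFC 2595): "*" stands for exactly one label,
    so "*.example.com" does not match "a.b.example.com".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard allowed only as the whole left-most label, nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # One wildcard label replaces exactly one hostname label (assumption above),
    # so label counts must agree; this also rejects the bare base name.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def server_identities(san_dns_names, subject_cn):
    """Names to check: subjectAltName dNSName entries if present, else the CN."""
    if san_dns_names:
        return list(san_dns_names)
    return [subject_cn] if subject_cn else []


def identity_check(expected_host: str, san_dns_names=(), subject_cn=None) -> bool:
    """True if any certificate identity matches the expected hostname."""
    return any(
        wildcard_matches(name, expected_host)
        for name in server_identities(san_dns_names, subject_cn)
    )


if __name__ == "__main__":
    # Constructed sample data standing in for a parsed certificate.
    san = ["mail.example.com", "imap.example.com"]
    cn = "*.example.com"
    print(identity_check("imap.example.com", san, cn))   # SAN match
    print(identity_check("pop.example.com", san, cn))    # CN ignored, SAN present
    print(identity_check("pop.example.com", (), cn))     # wildcard CN fallback
    print(identity_check("example.com", (), cn))         # base name never matches
```

Note the second call: once the certificate carries any dNSName entries, a wildcard CN no longer rescues a hostname that is missing from the SAN list, which is why getting the CA to put the right dNSName entries in matters.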
