
Re: CNAME restrictions


Matus UHLAR - fantomas

Aug 4, 2020, 1:35:00 PM
to bind-...@lists.isc.org
On 04.08.20 17:29, Leroy Tennison wrote:
> I have a situation where, due to the system's location (IP subnet), its DNS
> name is <webserver>.<internal subdomain>.datavoiceint.com. We have a
> certificate for *.datavoiceint.com which we prefer to use

wildcard in certificates only covers one level of subdomains, so
*.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not
anything under it.

you will have to strip the <webserver> part or get other certificate.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

Reindl Harald

Aug 10, 2020, 4:38:40 AM
to bind-...@lists.isc.org


Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas:
> On 04.08.20 17:29, Leroy Tennison wrote:
>> I have a situation where, due to the system's location (IP subnet),
>> its DNS
>> name is <webserver>.<internal subdomain>.datavoiceint.com.  We have a
>> certificate for *.datavoiceint.com which we prefer to use
>
> wildcard in certificates only covers one level of subdomains, so
> *.datavoiceint.com will cover <internal subdomain>.datavoiceint.com but not
> anything under it.
>
> you will have to strip the  <webserver> part or get other certificate

proper wildcard certificates are looking like this

X509v3 Subject Alternative Name: DNS:*.buildserver.thelounge.net
DNS:*.thelounge.net
DNS:thelounge.net

in other words: you have "*.domain.tld" and "domain.tld" in your SAN
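
An added illustration of the matching rule discussed in this thread (not code from either poster or from BIND): a small Python check of a hostname against a certificate's dNSName SAN entries, where `*` stands for exactly one leftmost label. The host labels `web1`, `internal`, `www` and `ci` are constructed stand-ins for the placeholders in the thread; the three-entry SAN list is the one quoted above.

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if one dNSName SAN entry covers hostname.

    Only the full-label wildcard form "*.rest" is handled (assumption of
    this example). The wildcard replaces exactly one label, so the label
    counts of pattern and hostname must be equal.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # "*" covers one non-empty leftmost label; the rest must be identical.
        return p[1:] == h[1:]
    return p == h


def covering_sans(sans, hostname):
    """Return the SAN entries (in order) that cover hostname."""
    return [s for s in sans if san_matches(s, hostname)]


# SAN list quoted in the thread.
SANS_FROM_THREAD = [
    "*.buildserver.thelounge.net",
    "*.thelounge.net",
    "thelounge.net",
]

if __name__ == "__main__":
    single = ["*.datavoiceint.com"]
    # Constructed hostnames standing in for <webserver>.<internal subdomain>.
    for host in ("internal.datavoiceint.com",
                 "web1.internal.datavoiceint.com",
                 "datavoiceint.com"):
        print(host, "->", covering_sans(single, host) or "no match")
    for host in ("thelounge.net", "www.thelounge.net",
                 "ci.buildserver.thelounge.net"):
        print(host, "->", covering_sans(SANS_FROM_THREAD, host) or "no match")
```
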