CNAME restrictions

Reindl Harald h.reindl at
Tue Aug 4 17:50:08 UTC 2020

On 04.08.20 at 19:34, Matus UHLAR - fantomas wrote:
> On 04.08.20 17:29, Leroy Tennison wrote:
>> I have a situation where, due to the system's location (IP subnet),
>> its DNS
>> name is <webserver>.<internal subdomain>  We have a
>> certificate for * which we prefer to use
> wildcard in certificates only covers one level of subdomains, so
> * will cover <internal subdomain> but not
> anything under it.
> you will have to strip the  <webserver> part or get other certificate

proper wildcard certificates are looking like this

X509v3 Subject Alternative Name: DNS:*

in other words: you have "*.domain.tld" and "domain.tld" in your SAN
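
The one-label wildcard rule discussed in this thread, as an added example that is not part of the original posts: a simplified matcher (whole-label wildcards in the leftmost position only) that checks hostnames against a certificate's SAN DNS entries. The `internal` subdomain label, the host names and the function names are assumptions made for illustration.

```python
def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_entry_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname.

    Simplification: '*' is honoured only as the complete leftmost label,
    and it stands for exactly one non-empty label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more (or fewer) labels
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_covers(san_entries, hostname):
    """True if any SAN entry covers hostname."""
    return any(san_entry_matches(e, hostname) for e in san_entries)


def uncovered(san_entries, hostnames):
    """Return the hostnames that would fail name validation."""
    return [h for h in hostnames if not cert_covers(san_entries, h)]


# Constructed sample data based on the names used in the thread.
SAN_WILDCARD_ONLY = ["*.domain.tld"]
SAN_PROPER = ["*.domain.tld", "domain.tld"]
SAN_INTERNAL = ["*.internal.domain.tld"]
HOSTS = ["domain.tld", "www.domain.tld", "webserver.internal.domain.tld"]

if __name__ == "__main__":
    for label, san in [("wildcard only", SAN_WILDCARD_ONLY),
                       ("wildcard + apex", SAN_PROPER),
                       ("internal wildcard", SAN_INTERNAL)]:
        print(f"{label:18} {san} -> not covered: {uncovered(san, HOSTS)}")
```
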

More information about the bind-users mailing list