On 11/08/2011 01:17 AM, Per Jessen wrote:
> David C. Rankin wrote:
> <snip>
>> # Common Name (*.example.com is also possible)
>> CN=*.yourTLD.com
>
> Why not use the actual hostname?

It really has to do with CNAME or server aliases in /etc/hosts. Say one box is also known as 'www.yourTLD.com', 'hostname.yourTLD.com', 'ftp.yourTLD.com', 'mail.yourTLD.com', etc... My understanding is the '*.example.com' CN prevents any potential conflict from a cert standpoint when SSL/TLS authentication is invoked from the different servers (ssh, sftp, saslauthd, https, etc...)

I've never really gotten a concise "why?" answer, but that is my best guestimate at the legitimate reason why... Anybody else with more info on this, please chime in, I'm curious as well...

--
David C. Rankin, J.D.,P.E.
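
Added example, not part of the original message: a sketch of the hostname check a TLS client applies to a certificate name, run over the aliases listed above to compare a wildcard name with a single-hostname name. The function names, the extra test hostnames and the "no wildcard directly under a TLD" policy are assumptions made for illustration; real clients also consult subjectAltName entries, which this sketch treats as just more names in the list.

```python
# Wildcard matching in the style of RFC 6125 section 6.4.3:
# "*" is honoured only as the complete left-most label and stands
# for exactly one label. Partial wildcards ("w*.x.com") are treated
# as literals here, which is the conservative reading.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False          # "*" never spans zero or several labels
    if p[0] == "*":
        if len(p) < 3:
            return False      # assumed policy: reject names like "*.com"
        return p[1:] == h[1:]
    return p == h

def uncovered(cert_names, hostnames):
    """Hostnames for which a client would report a name mismatch."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]

# Aliases taken from the message above.
ALIASES = ["www.yourTLD.com", "hostname.yourTLD.com",
           "ftp.yourTLD.com", "mail.yourTLD.com"]
# Constructed extras: the bare domain and a two-level subdomain.
EXTRAS = ["yourTLD.com", "imap.mail.yourTLD.com"]

if __name__ == "__main__":
    for names in (["*.yourTLD.com"], ["hostname.yourTLD.com"]):
        print(names, "-> mismatch for:", uncovered(names, ALIASES + EXTRAS))
```

A certificate carrying only the actual hostname fails for the other aliases, while the wildcard covers every single-label alias but still not the bare domain or deeper subdomains.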