Mailinglist Archive: opensuse (1690 mails)

< Previous Next >
Re: [opensuse] Configure smtp_auth/postfix/dovecot for mobile device relay - quick howto - request for comment
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Wed, 09 Nov 2011 08:02:36 +0100
  • Message-id: <j9d8ic$ls8$>
David C. Rankin wrote:

On 11/08/2011 01:17 AM, Per Jessen wrote:
David C. Rankin wrote:

# Common Name (* is also possible)

Why not use the actual hostname?

It really has to do with CNAME or server aliases in /etc/hosts. Say
one box is also known as '', '',
'', '', etc...

Right, that's fine, but the machine really has just one name - which is
returned when you do a reverse lookup of the IP. (with apache SNI you
can have multiple certificates per IP, but that's a different story).

My understanding is the '*' CN prevents any potential
conflict from a cert standpoint when SSL/TLS authentication is invoked
from the different servers (ssh, sftp, saslauthd, https, etc...)

There is no conflict, it's the hostname that counts. For instance, I've
got a mailserver that hosts a couple of virtual domains, so it can be
reached as and The actual name
is "" and that matches the CN (for IMAP and SASL).

Per Jessen, Zürich (8.2°C)

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >