[SR-Users] Using wildcard certificates for Kamailio server
Leonid Fainshtein
leonid.fainshtein at xorcom.com
Thu Aug 6 14:37:51 CEST 2020
Hello,
Is it permitted to use the wildcard TLS certificates for Kamailio server?
In reality, it works (tested with v.5.4) but the RFC-5922 disables the
wildcard certificates usage:
"Implementations MUST match the values in their entirety:
Implementations MUST NOT match suffixes. For example,
"foo.example.com" does not match "example.com".
Implementations MUST NOT match any form of wildcard, such as a
leading "." or "*." with any other DNS label or sequence of
labels. For example, "*.example.com" matches only
"*.example.com" but not "foo.example.com". Similarly,
".example.com" matches only ".example.com", and does not match
"foo.example.com".
(Ref.:https://tools.ietf.org/html/rfc5922#section-7.2)
To be honest, I don't understand why this restriction is good for...
Is somebody aware of a newer RFC that removes this limitation?
Best regards,
Leonid Fainshtein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200806/13996a23/attachment.htm>
More information about the sr-users
mailing list