Hi,
I use Postfix & Dovecot with TLS / SSL - it authenticates / works fine - except I'm always getting these ugly SSL cert warning messages with MTAs. It says the following:
"You have attempted to establish a connection with "server". However, the security certificate presented belongs to "*.server". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site."
Is there a server-side solution so that I won't get that any more? Why is * as a wildcard not working? I wonder how Gmail or other providers solve that issue.
Regards
Leander,
On 7/10/10 2:14 PM, "Leander S." leander.schaefer@googlemail.com wrote:
> "You have attempted to establish a connection with "server". However, the security certificate presented belongs to "*.server". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site."
IIRC, wildcard certificates are only valid for subdomains. *.domain.com would be valid for a.domain.com, b.domain.com, but not domain.com. It also relies upon the client supporting wildcard certs.
-Brad
Leander S. leander.schaefer@googlemail.com (Sa 10 Jul 2010 23:14:45 CEST):
> Hi,
> I use Postfix & Dovecot with TLS / SSL - it authenticates / works fine - except I'm always getting these ugly SSL cert warning messages with MTAs. It says the following:
> "You have attempted to establish a connection with "server". However, the security certificate presented belongs to "*.server". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site." ~~~~~~~~~~~~~~~~
Web site?
> Is there a server-side solution so that I won't get that any more? Why is * as a wildcard not working? I wonder how Gmail or other providers solve that issue.
Whether a wildcard is accepted depends on the client. Some clients enforce at least two labels (domains) following the wildcard (like: *.example.com).
Why do you really need a wildcard cert?
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
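The matching behaviour described in the two replies above, as an added example that is not part of the original thread and not taken from any mail client: a left-most-label wildcard matcher in the style of RFC 6125. The `min_suffix_labels` parameter is a hypothetical knob modelling clients that require at least two labels after the wildcard, and the names in `CASES` are constructed.

```python
# Added example: whole-label wildcard matching in the style of RFC 6125.
# min_suffix_labels is a hypothetical parameter modelling the client-dependent
# "at least two labels after the wildcard" rule; it is not a real client setting.

def wildcard_matches(pattern: str, hostname: str, min_suffix_labels: int = 1) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Malformed names: empty labels, or a "*" in the name the client asked for
    if "" in p or "" in h or any("*" in label for label in h):
        return False
    if p[0] != "*":
        # No whole-label wildcard on the left: every label must be identical.
        # Partial wildcards such as "f*.example.com" are deliberately not honoured.
        return p == h
    suffix = p[1:]
    if len(suffix) < min_suffix_labels:
        return False  # this client considers the wildcard too broad
    # "*" stands for exactly one label, so both names need the same label count
    return len(h) == len(p) and h[1:] == suffix


CASES = [  # constructed (certificate name, requested host) pairs
    ("*.server", "server"),            # the warning from the original post
    ("*.server", "mail.server"),
    ("*.example.com", "example.com"),  # bare domain is not a subdomain
    ("*.example.com", "a.example.com"),
    ("*.example.com", "a.b.example.com"),
]


def evaluate(min_suffix_labels: int) -> list:
    """Match every constructed case under the given client strictness."""
    return [wildcard_matches(p, h, min_suffix_labels) for p, h in CASES]


if __name__ == "__main__":
    for strictness in (1, 2):
        print(f"min_suffix_labels={strictness}")
        for (p, h), ok in zip(CASES, evaluate(strictness)):
            print(f"  {p:15} vs {h:16} -> {'match' if ok else 'MISMATCH'}")
```

Connecting to the bare name fails under either setting, so the server-side options are to reach the server under a name the wildcard covers or to use a certificate that also lists the bare name.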
Participants (3): Brandon Davidson, Heiko Schlittermann, Leander S.