Hi,

I use Postfix & Dovecot with TLS / SSL - it authenticates / works fine - except I'm always getting these ugly SSL cert warning messages with MTAs.

It says the following:

"You have attempted to establish a connection with "server". However, the security certificate presented belongs to "*.server". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site."

Is there a server-side solution so that I won't get that any more? Why is * as a wildcard not working? I wonder how Gmail or other providers solve that issue.

Regards

Leander,

On 7/10/10 2:14 PM, "Leander S." <leander.schaefer at googlemail.com> wrote:

> "You have attempted to establish a connection with "server". However,
> the security certificate presented belongs to "*.server". It is
> possible, though unlikely, that someone may be trying to intercept your
> communication with this web site."

IIRC, wildcard certificates are only valid for subdomains. *.domain.com would be valid for a.domain.com, b.domain.com, but not domain.com. It also relies upon the client supporting wildcard certs.

-Brad

Leander S. <leander.schaefer at googlemail.com> (Sa 10 Jul 2010 23:14:45 CEST):

> Hi,
>
> I use Postfix & Dovecot with TLS / SSL - it authenticates / works
> fine - except I'm always getting these ugly SSL cert warning messages
> with MTAs.
> It says the following:
>
>
> "You have attempted to establish a connection with "server".
> However, the security certificate presented belongs to "*.server".
> It is possible, though unlikely, that someone may be trying to
> intercept your communication with this web site."

~~~~~~~~~~~~~~~~ Web site?

> Is there a server-side solution so that I won't get that any more? Why is
> * as a wildcard not working? I wonder how Gmail or other providers
> solve that issue

Whether a wildcard is accepted depends on the client. Some clients enforce at least two labels (domains) following the wildcard (like: *.example.com).

Why do you really need a wildcard cert?

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
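
The matching behaviour described in the two replies above, as an added Python example that is not part of the original thread or of any mail client's code: a wildcard covers exactly one leftmost label, never the bare domain, and a strict client may also demand a minimum number of labels after the `*`. The `example.com` names and the `min_suffix_labels` parameter are assumptions made for illustration; the last check in the demo, a certificate listing both the wildcard and the bare name, is a common server-side arrangement and not something the thread states.

```python
# Added illustration: certificate-name matching as described in the thread.
# All host names below are constructed placeholders.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    return name.rstrip(".").lower().split(".")


def wildcard_match(pattern, hostname, min_suffix_labels=2):
    """Return True if certificate name `pattern` covers `hostname`.

    min_suffix_labels (hypothetical knob) models clients that require at
    least that many labels after the '*', e.g. 2 rejects '*.server'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:            # empty label: malformed name
        return False
    if "*" not in pattern:            # plain name: exact comparison
        return p == h
    # '*' is honoured only as the complete leftmost label
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    if len(p) - 1 < min_suffix_labels:
        return False
    # '*' stands for exactly one label, so label counts must be equal
    return len(h) == len(p) and h[1:] == p[1:]


def cert_covers(names, hostname, min_suffix_labels=2):
    """True if any name listed in the certificate covers `hostname`."""
    return any(wildcard_match(n, hostname, min_suffix_labels) for n in names)


if __name__ == "__main__":
    for host in ("mail.example.com", "example.com", "a.b.example.com"):
        print(host, cert_covers(["*.example.com"], host))
    # The thread's case: connecting to "server" with a "*.server" certificate
    print("server", wildcard_match("*.server", "server", min_suffix_labels=1))
    # Lenient vs strict client for a single-label suffix
    print("mail.server lenient", wildcard_match("*.server", "mail.server", 1))
    print("mail.server strict ", wildcard_match("*.server", "mail.server", 2))
    # Certificate that lists the bare domain next to the wildcard
    print(cert_covers(["*.example.com", "example.com"], "example.com"))
```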