On Mon, Nov 4, 2013 at 1:09 PM, Kim Alvefur wrote:
> On 2013-11-04 03:01, Peter Kieser wrote:
> > Shouldn't the SSL certificate CN match the hostname listed in the "IN
> > SRV" record, since that's the hostname a S2S connection will open to.
>
> No! The domain should match a subjectAltName. Ign
On 2013-11-04 03:01, Peter Kieser wrote:
> Shouldn't the SSL certificate CN match the hostname listed in the "IN
> SRV" record, since that's the hostname a S2S connection will open to.
No! The domain should match a subjectAltName. Ignore hostnames, ignore
commonNames.
Exceptions are either fall