Hi!
Which hostname do I need to request for the certificate when the
servers are load-balanced using DNS-SRV?
Do I need to get the cert for the DNS-SRV subdomain (without
_sip._tls) or for the servers, eg. server0{1,2,3}.pbx.example.com ?
Thank you!
Kevin
___
Hi Kevin
You need TLS certificate for domain which you will setup on SIP clients to
connect to.
So if your SIP domain is pbx.example.com and you will provide DNS-SRV
record for it - then you need TLS certificate for pbx.example.com
--
Best regards,
Sergey Basov e-mail: sergey.
Actually. Careful. There are scenarios where just doing that will not work.
The RR headers will have your FQDN most likely if you don’t want to break
reinvites
So for that to work you will need either multiple certs, a wildcard cert,
or a cert with multiple SANs where you include the “pbx.example