<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hello,<br clear="all"></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Is it permitted to use the wildcard TLS certificates for Kamailio server?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">In reality, it works (tested with v.5.4) but the RFC-5922 disables the wildcard certificates usage:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">"<span style="font-family:Arial,Helvetica,sans-serif">Implementations MUST match the values in their entirety:</span></div><pre class="gmail-newpage">         Implementations MUST NOT match suffixes.  For example,
         "<a href="http://foo.example.com">foo.example.com</a>" does not match "<a href="http://example.com">example.com</a>".

         Implementations MUST NOT match any form of wildcard, such as a
         leading "." or "*." with any other DNS label or sequence of
         labels.  For example, "*.<a href="http://example.com">example.com</a>" matches only
         "*.<a href="http://example.com">example.com</a>" but not "<a href="http://foo.example.com">foo.example.com</a>".  Similarly,
         ".<a href="http://example.com">example.com</a>" matches only ".<a href="http://example.com">example.com</a>", and does not match
         "<a href="http://foo.example.com">foo.example.com</a>".
</pre><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">(Ref.:<a href="https://tools.ietf.org/html/rfc5922#section-7.2">https://tools.ietf.org/html/rfc5922#section-7.2</a>)</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">To be honest, I don't understand why this restriction is good for...</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Is somebody aware of a newer RFC that removes this limitation?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Best regards,<br>Leonid Fainshtein<br><br></div></div></div>