On 2017/03/21 09:23, Walter Alejandro Iglesias wrote: > I don't know if what I read time ago about how to correctly request a CA > to use with original sendmail is still important and applicable > (currently I use opensmtpd). > > As far as I understood, you must use your FQDN as the principal name in > your certificate. That's why I use 'server.roquesor.com' (my machine > name) instead of just the domain name 'roquesor.com' as the principal > name. > > I don't know if Let's Encrypt people, since they thought their > certificates mostly for web sites, didn't care about documenting this > detail or if it's not important anymore. > > In case this is still important perhaps could be useful to mention it in > the man page (or in FAQ). > > >
It shouldn't matter, if subjectAltName is present you're not even supposed to look at the primary name..
