anyone using certificates with an empty principals section?
Carson Gaspar
carson at taltos.org
Fri Nov 28 05:40:32 AEDT 2025
On 11/26/2025 12:21 AM, Damien Miller wrote:
> To make it possible to do wildcard host certificates, I'd like to
> add the ability to do explicit wildcards using '*' characters in
> principals, e.g. "*.example.com".
That would make my life easier, as we have hosts with multiple
interfaces named as "foo.${FQDN}" for various values of "foo". Currently
I have to enumerate all possible names when generating a host cert,
being able to include "*.${FQDN}" would make things easier, and not
require a re-issue on interface change.
--
Carson
More information about the openssh-unix-dev
mailing list