Our product is running postfix and nginx as docker services. We initially deploy with a self-signed cert that is named <our-company>.com.cert
along with a .pem
and .key
. These are mounted as a volume which is shared for both services. It is expected that an end user would upload their own cert when deploying the application within their network. Our existing implementation renames whatever is uploaded by the user to match our default cert names. This allows us to overwrite the certs, then bounce the service without having to update any service config.
In a customer network, the hostname will not be our company's domain. All of the doc I've been able to find reference the common name or SAN, which I believe is baked into the file itself. However, the examples consistently show the cert filename matching the domain name. Is this just a convention, or does the filename actually matter?