How can I resolve the error "certificate subject name does not match target host name"?

Mike · Dec 29, 2016 · Viewed 54.3k times
  curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer 90d2c018-73d1-324b-b121-a162cf870ac0' 'https://172.17.0.1:8243/V1.0.2/stock/getNA?name=te'

The terminal prompted

"curl: (51) SSL: certificate subject name (localhost) does not match target host name '172.17.0.1' "

However, after I changed "172.17.0.1" to "localhost", it worked and I got the result.

Why? Isn't there a wrong configuration somewhere? Meanwhile, there is no log in http_access.log.

Answer

Jenananthan · Dec 29, 2016

When the SSL handshake happens, the client will verify the server certificate. In the verification process the client will try to match the Common Name (CN) of the certificate with the domain name in the URL. If the two are different, host name verification will fail. In your case the certificate has localhost as its CN, and when you try to invoke using the IP address, it fails. When you create the cert you can have a single host name / multiple host names / a wildcard host name as the CN value.

For more details:
https://tersesystems.com/2014/03/23/fixing-hostname-verification/
https://support.dnsimple.com/articles/what-is-common-name/
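
The check described in the answer, as an added example (not part of the original answer and not curl's own code): a simplified host name verifier run against constructed certificates in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns. It goes beyond the CN comparison by also handling subjectAltName DNS and IP entries, which is how a certificate can be made valid for `172.17.0.1`; the names `CERT_CN_ONLY`, `CERT_WITH_SAN`, `verify_host` and `gw.example.test` are assumptions for illustration.

```python
import ipaddress

# Constructed certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
CERT_CN_ONLY = {"subject": ((("commonName", "localhost"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "localhost"), ("DNS", "*.gw.example.test"),
                       ("IP Address", "172.17.0.1")),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2 and h[0]:
        return p[1:] == h[1:]
    return p == h


def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def verify_host(cert, target):
    """Return (ok, reason) for whether `cert` is valid for the URL host `target`."""
    san = cert.get("subjectAltName", ())
    target_ip = _as_ip(target)
    if target_ip is not None:
        # An IP target is compared with IP entries only, never with DNS names.
        names = [v for k, v in san if k == "IP Address"]
        if any(_as_ip(v) == target_ip for v in names):
            return True, "matched IP SAN"
    else:
        names = [v for k, v in san if k == "DNS"]
        if any(_dns_match(v, target) for v in names):
            return True, "matched DNS SAN"
    if not san:
        # Legacy fallback: with no SAN at all, compare the subject CN.
        cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        if any(_dns_match(cn, target) for cn in cns):
            return True, "matched CN"
        names = cns
    return False, f"certificate names {names} do not match target '{target}'"
```

`verify_host(CERT_CN_ONLY, "172.17.0.1")` fails the same way the curl call in the question does, while the same target passes against `CERT_WITH_SAN` because of its IP entry.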