在证书名称中使用 IP 地址的例外情况
Exception on using IP address in certificate name
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname
97.xx.xxx.xxx not verified:
certificate: sha256/tjx1IRiuC1TmxlIIhW8FWOxoaFoY2E3mECOgtGW0Jqk=
DN: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU
subjectAltNames: [97.xx.xxx.xxx]
证书详情
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
XXXXXXX
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Some-State, O = Internet Widgits Pty Ltd
Validity
Not Before: Apr 22 17:42:36 2019 GMT
Not After : Apr 20 17:42:36 2024 GMT
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
XXXXX
Exponent: XXX
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:XXXXX
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Alternative Name:
DNS:97.XX.XXX.XXX
Signature Algorithm: sha256WithRSAEncryption
XXXXXX
我在使用带有 IP 地址的证书时遇到上述错误。我还应该做些什么来创建带有 IP 地址的证书吗? Hostname not verified: exception
的原因是什么
我能够按照 Steffen 在评论中的建议让它工作,我将域 IP 地址添加到类型为 IP 的 subjectAltName。
openssl x509 -req -in certificate_sign_req.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out signed_certificate.crt -days 1825 -sha256 -extfile <(cat <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = ${domain}
EOF
)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname 97.xx.xxx.xxx not verified: certificate: sha256/tjx1IRiuC1TmxlIIhW8FWOxoaFoY2E3mECOgtGW0Jqk= DN: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU subjectAltNames: [97.xx.xxx.xxx]
证书详情
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
XXXXXXX
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Some-State, O = Internet Widgits Pty Ltd
Validity
Not Before: Apr 22 17:42:36 2019 GMT
Not After : Apr 20 17:42:36 2024 GMT
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
XXXXX
Exponent: XXX
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:XXXXX
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Alternative Name:
DNS:97.XX.XXX.XXX
Signature Algorithm: sha256WithRSAEncryption
XXXXXX
我在使用带有 IP 地址的证书时遇到上述错误。我还应该做些什么来创建带有 IP 地址的证书吗? Hostname not verified: exception
我能够按照 Steffen 在评论中的建议让它工作,我将域 IP 地址添加到类型为 IP 的 subjectAltName。
openssl x509 -req -in certificate_sign_req.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out signed_certificate.crt -days 1825 -sha256 -extfile <(cat <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = ${domain}
EOF
)