
SSL: unable to obtain common name from peer certificate

Tags:

curl

https

ssl

Sorry, my mistake, there are two things that must be highlighted:

The CA cert's Common Name must not be the same as the server/client side cert's
The server/client side cert's common name must be the same

I'm trying to use a self-signed certificate for an HTTPS client side certificate. But there's a problem: "SSL: unable to obtain common name from peer certificate"

As you can see, the server side cert contains a Common Name, so why does this problem occur?

Here's curl output:

  • About to connect() to 127.0.0.1 port 443 (#0)
  • Trying 127.0.0.1... connected Enter PEM pass phrase:
  • successfully set certificate verify locations:
  • CAfile: /home/freeman/dev/git/ca_tools/ca_tools/ssl/CA/secure_ca.crt CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server key exchange (12):
  • SSLv3, TLS handshake, Request CERT (13):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS handshake, CERT verify (15):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using ECDHE-RSA-AES256-SHA
  • Server certificate:
  • subject: C=CN; ST=Beijing; L=Beijing; O=XiaoMi
  • start date: 2014-05-14 12:50:20 GMT
  • expire date: 2024-05-11 12:50:20 GMT
  • SSL: unable to obtain common name from peer certificate
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):

Here's
#openssl x509 -in server.crt -text -noout

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 15298562268347408844 (0xd44f6953eb0aa1cc)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=Beijing, L=Beijing, O=OKK, OU=Test, CN=MyComp
        Validity :

Freeman Zhang asked Dec 20 '22 15:12


2 Answers

Try CURLOPT_SSL_VERIFYHOST=0 or curl -k

Little Code answered Dec 28 '22 05:12


Without knowing the data used to generate the CSR, it looks like the last component of your DN does not contain a CN attribute with the target host name. Typically SSL library clients will only check the first component for the CN attribute equal to the target host name. I would reverse the DN order and add a CN attribute with the host name.

If you provide more details on how you generated the CSR I would be happy to help you figure out how to fix it.

Mark answered Dec 28 '22 07:12
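
Mark's suggestion above (a CN with the target host name in the server certificate's subject), combined with the question's note that the CA's Common Name must differ from the server certificate's, as an added example that is not part of the original thread. It goes one step beyond the answer by also setting a subjectAltName for the host name and IP; the file names, the CA subject and the host name `localhost` are constructed for illustration.

```shell
#!/bin/sh
# Added example: subjects, file names and the host "localhost" are constructed.
set -e

# make_ca DIR: throwaway CA whose CN differs from the server certificate's CN.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=Example/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME SUBJECT [SAN]: create a CSR and sign it with the CA in DIR.
issue_cert() {
    dir=$1; name=$2; subj=$3; san=${4:-}
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    set --                                   # optional -extfile arguments
    if [ -n "$san" ]; then
        printf 'subjectAltName=%s\n' "$san" > "$dir/$name.ext"
        set -- -extfile "$dir/$name.ext"
    fi
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -out "$dir/$name.crt" "$@" 2>/dev/null
}

# has_cn CERT: succeeds when the subject DN carries a CN attribute.
has_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//' | tr ',' '\n' | grep -q '^CN='
}

# check_name CERT host|ip VALUE: succeeds when OpenSSL accepts VALUE for CERT.
check_name() {
    openssl x509 -noout "-check$2" "$3" -in "$1" | grep -q 'does match'
}

tmp=$(mktemp -d)
make_ca "$tmp"
# Subject as in the question's curl output: no CN, so no name can match.
issue_cert "$tmp" nocn "/C=CN/ST=Beijing/L=Beijing/O=XiaoMi"
# Same subject plus CN, and a SAN covering the name and IP the client connects to.
issue_cert "$tmp" good "/C=CN/ST=Beijing/L=Beijing/O=XiaoMi/CN=localhost" \
    "DNS:localhost,IP:127.0.0.1"
for c in nocn good; do
    has_cn "$tmp/$c.crt" && cn=yes || cn=no
    check_name "$tmp/$c.crt" host localhost && ok=yes || ok=no
    echo "$c.crt: CN present=$cn, matches localhost=$ok"
done
```

With a certificate issued this way, curl can keep host verification enabled: pass the CA file with `--cacert` and connect using a name or IP that the certificate lists.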