On 5/8/2019 12:32 AM, surya chandrika wrote: > Disabling CURLOPT_SSL_VERIFYHOST worked. Yes as you said this is not > recommended. > But am not sure why certificate with correct hostname is not > recognized from uploaded certificate. > I added certificate in path "/etc/pki/ca-trust/source/anchors/ > In verbose mode it says it got 5 certificate >> * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt >> * *found 5 certificates in /etc/pki/ca-trust/source/anchors/* >> * >> * >> *But throw error *SSL: certificate subject name (#1300) does not >> match target host name 'abc.com <http://abc.com/> > Any idea why certificate is not recognized
If abc.com is a hostname in the certificate then you should not see that message. Check if OpenSSL gives different results: (HOST=abc.com ; echo | openssl s_client -servername $HOST -connect $HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST) Instead of -checkhost $HOST you can use -text to dump the certificate details. You should see the hostname in X509v3 Subject Alternative Name.
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
