I have a Web Server that requires certificate authentication, and I am trying to connect to it using curl (version 7.81.0-1ubuntu1.18) and a client certificate. Unfortunately I am getting the following error from curl:
curl: (60) SSL: no alternative certificate subject name matches target host name 'tekrar.lacuna.evolvedbinary.com'.

The full curl command I am running is:

curl -vv --cacert /etc/puppetlabs/puppetserver/ca/ca_crt.pem --cert /etc/puppetlabs/puppet/ssl/certs/tekrar.lacuna.evolvedbinary.com.pem --key /etc/puppetlabs/puppet/ssl/private_keys/tekrar.lacuna.evolvedbinary.com.pem https://tekrar.lacuna.evolvedbinary.com:8081

The full output from curl looks like:

* Trying 172.30.1.254:8081...
* Connected to tekrar.lacuna.evolvedbinary.com (172.30.1.254) port 8081 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/puppetlabs/puppetserver/ca/ca_crt.pem
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=GB; ST=Devon; L=Sampford Peverell; O=Evolved Binary; OU=SysOps; CN=tekrar.lacuna.evolvedbinary.com; emailAddress=sys...@evolvedbinary.com
* start date: Jan 24 16:54:18 2024 GMT
* expire date: Jan 23 16:54:18 2027 GMT
* subjectAltName does not match tekrar.lacuna.evolvedbinary.com
* SSL: no alternative certificate subject name matches target host name 'tekrar.lacuna.evolvedbinary.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'tekrar.lacuna.evolvedbinary.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

As far as I can see hostname matches the CN in the server certificate. So I am not sure why it is complaining about ALT names.

Any ideas? I have access to the client, server, and cert files if you would like me to check anything?

Thanks, Adam.

--
Adam Retter

skype: adam.retter
tweet: adamretter
http://www.adamretter.org.uk
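
The name check behind the "subjectAltName does not match" line, as an added example that is not part of the original message and not curl's own code: under RFC 6125 rules, once a certificate carries DNS subjectAltName entries only those are compared and the CN is never consulted. The function works on the dict shape returned by Python's ssl.SSLSocket.getpeercert(); the sample certificates and the name puppet.example.test are constructed.

```python
# Added example: RFC 6125-style host name verification over the dict shape
# returned by ssl.SSLSocket.getpeercert(). All sample certificates are constructed.

def _label_match(pattern, host):
    """Compare one certificate name with the host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def verify_host(cert, host):
    """Return (ok, reason). DNS SAN entries, if any exist, replace the CN entirely."""
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_sans:
        if any(_label_match(name, host) for name in dns_sans):
            return True, "matched subjectAltName"
        # The CN is deliberately not checked here, even if it would match.
        return False, "subjectAltName does not match " + host
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_label_match(cn, host) for cn in cns):
        return True, "matched commonName (no DNS subjectAltName present)"
    return False, "no name in certificate matches " + host


HOST = "tekrar.lacuna.evolvedbinary.com"  # host name from the post
SUBJECT = ((("commonName", HOST),),)

# Constructed: the CN is right, but the SAN lists a different (made-up) name.
CERT_SAN_MISMATCH = {"subject": SUBJECT,
                     "subjectAltName": (("DNS", "puppet.example.test"),)}
# Constructed: same CN and no SAN extension, so the CN fallback applies.
CERT_CN_ONLY = {"subject": SUBJECT}
# Constructed: reissued with the host name added to the SAN.
CERT_FIXED = {"subject": SUBJECT,
              "subjectAltName": (("DNS", "puppet.example.test"), ("DNS", HOST))}

if __name__ == "__main__":
    for label, cert in (("san-mismatch", CERT_SAN_MISMATCH),
                        ("cn-only", CERT_CN_ONLY),
                        ("fixed", CERT_FIXED)):
        print(label, verify_host(cert, HOST))
```

To see which names a real certificate file carries, `openssl x509 -in <cert.pem> -noout -text` prints the X509v3 Subject Alternative Name extension.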