SSL错误“在链中找不到所需的服务器名称。”
SSL错误“在链中找不到所需的服务器名称。”
提问于 2020-01-27 05:10:45
正在尝试连接到安全MQTT代理。获取错误:
Expected server name was not found in the chain.到底哪里出了问题?这是否意味着我的CA自签名证书没有关于主机名的信息?
CA证书:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:51
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:34 2020 GMT
Not After : Jan 25 20:52:34 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:0d:d2:2f:a6:90:40:2e:c5:89:eb:63:f1:ab:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
X509v3 Authority Key Identifier:
keyid:89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
DirName:/C=US/ST=California/L=Hawthorne/O=PhilNet/CN=34.245.0.159
serial:25:31:48:1F:D0:21:0C:99:89:E3:0B:DB:3E:6A:34:95:CE:E8:FD:51
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign
X509v3 Subject Alternative Name:
IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
Signature Algorithm: sha1WithRSAEncryption
4c:41:d3:bb:c7:db:a3:57:91:c2:ef:41:1a:10:a0:34:90:ff:
...服务器证书:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:52
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:34 2020 GMT
Not After : Jan 25 20:52:34 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:64:50:6a:9a:7c:90:d8:a6:71:8b:ca:c4:30:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
A4:DF:EB:2B:6E:B8:07:62:D7:00:10:95:28:78:7D:FD:A3:D2:78:7E
X509v3 Subject Alternative Name:
IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
Signature Algorithm: sha1WithRSAEncryption
0b:40:b4:65:7b:8a:21:70:3f:4c:4e:49:61:9b:09:75:d6:d3:客户端证书:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:53
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:35 2020 GMT
Not After : Jan 25 20:52:35 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 192.168.1.110
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:43:55:fa:97:a1:23:2b:58:d0:64:2b:e6:6b:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
1B:3F:DD:36:F4:5D:48:FD:6F:DF:58:6F:FE:BE:3A:C3:37:BD:93:77
X509v3 Subject Alternative Name:
IP Address:192.168.1.110
Signature Algorithm: sha1WithRSAEncryption
31:48:a6:1c:c8:39:57:91:8c:09:4e:7e:33:09:df:7a:a7:d9:如何解决这个问题?
回答 1
Stack Overflow用户
发布于 2020-12-03 00:16:03
我已经修复了这个问题,在生成所有证书时,我在CN (公用名)上给出了我的蚊子服务器的域名/子域名。
Common Name (CN) : your.mosquitto-server.com注意:客户端/服务器证书的主题和颁发者不能相同。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/59922773
复制相关文章
相似问题
腾讯云开发者
