Bart Remans
Reputation: 135
SSL Hostname mismatch although CN of client and server match
I generated a ca-certificate, server-certificate and client-certificate using the guidelines of rabbitmq (https://www.rabbitmq.com/ssl.html#manual-certificate-generation)
But I keep getting an error Hostname mismatch when checking the certs with openssl s_server.
openssl s_server -accept 8443 -cert server_certificate.pem -key private_key.pem -CAfile ca_certificate.pem
openssl s_client -connect localhost:8443 -cert client_certificate -key private_key.pem -CAfile ca_certificate.pem -verify 8 -verify_hostname CN_NAME
RESULT:
Verify return code: 62 (Hostname mismatch)
When I read the hostnames, they both show the same..?
openssl x509 -in server_certificate -subject -noout
subject=CN = MyTestCA, O = server
openssl x509 -in client_certificate -subject -noout
subject=CN = MyTestCA, O = client
So I'm stuck why I'm getting the error 'Hostname mismatch'?
Upvotes: 2
Views: 3674
Answers (1)
Bart Remans
Reputation: 135
Error is due to using the same CN for the CA and server. Solved it by using another CN for the CA.
Upvotes: 3
Related Questions
- OpenSSL Wrong Host Name
- TLS handshake hostname mismatch even when SNI matches with server-certificate subject name
- an SSL certificate is issued for a wrong hostname (HP MFD)
- Weird SSL common name mismatch
- Secured SSL connection Error: unknown protocol | bad hostname lookup
- Hostname in certificate didn't match?
- The host name in the certificate is invalid - R
- SSL Certificate issue: CN entry doesn't match with hostname in URL
- java the host name doesn't match the certificate
- Hostname / IP doesn't match certificate's altname