我在本地网络上设置了一个服务器,但HTTPS连接的故障排除受阻。当我使用curl -v进行请求时,我被告知"请求的域名与服务器的证书不匹配。">
但输出本身似乎表明域确实匹配:"reg.qa">
这里真正的问题是什么?
$ curl -v https://reg.qa/
* Added reg.qa:443:172.18.0.4 to DNS cache
* About to connect() to reg.qa port 443 (#0)
* Trying 172.18.0.4...
* Connected to reg.qa (172.18.0.4) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=reg.qa,OU=Web Test,O=MYORG,ST=CA,C=US
* start date: Mar 11 20:53:04 2020 GMT
* expire date: Mar 10 20:53:04 2025 GMT
* common name: reg.qa
* issuer: CN=reg.qa,OU=Web Test,O=MYORG,ST=CA,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
- NSS错误-12276(SSL_error_BAD_CERT_DOMAIN(
据我所知,NSS的新版本要求证书使用使用者替代名称(SAN(来描述有效域。使用通用名称(CN(已经过时很多年了,一些浏览器和TLS堆栈不久前就开始强制执行这一点。