SSL error "Expected server name was not found in the chain."



Trying to connect to a secure MQTT broker. Getting the error:

Expected server name was not found in the chain.

What exactly went wrong there? Does it mean that my self-signed CA certificate has no information about the hostname?

CA certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:51
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:34 2020 GMT
Not After : Jan 25 20:52:34 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:0d:d2:2f:a6:90:40:2e:c5:89:eb:63:f1:ab:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
X509v3 Authority Key Identifier:
keyid:89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
DirName:/C=US/ST=California/L=Hawthorne/O=PhilNet/CN=34.245.0.159
serial:25:31:48:1F:D0:21:0C:99:89:E3:0B:DB:3E:6A:34:95:CE:E8:FD:51
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign
X509v3 Subject Alternative Name:
IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
Signature Algorithm: sha1WithRSAEncryption
4c:41:d3:bb:c7:db:a3:57:91:c2:ef:41:1a:10:a0:34:90:ff:
...

Server certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:52
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:34 2020 GMT
Not After : Jan 25 20:52:34 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:64:50:6a:9a:7c:90:d8:a6:71:8b:ca:c4:30:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
A4:DF:EB:2B:6E:B8:07:62:D7:00:10:95:28:78:7D:FD:A3:D2:78:7E
X509v3 Subject Alternative Name:
IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
Signature Algorithm: sha1WithRSAEncryption
0b:40:b4:65:7b:8a:21:70:3f:4c:4e:49:61:9b:09:75:d6:d3:

Client certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:53
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
Validity
Not Before: Jan 26 20:52:35 2020 GMT
Not After : Jan 25 20:52:35 2021 GMT
Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 192.168.1.110
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:43:55:fa:97:a1:23:2b:58:d0:64:2b:e6:6b:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
1B:3F:DD:36:F4:5D:48:FD:6F:DF:58:6F:FE:BE:3A:C3:37:BD:93:77
X509v3 Subject Alternative Name:
IP Address:192.168.1.110
Signature Algorithm: sha1WithRSAEncryption
31:48:a6:1c:c8:39:57:91:8c:09:4e:7e:33:09:df:7a:a7:d9:

How can I fix it?

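I have solved this issue by providing the domain/subdomain name of my Mosquitto server in the CN (Common Name) when generating all the certificates.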

Common Name (CN) : your.mosquitto-server.com

Note: The Subject and Issuer of the client/server certificates should not be the same.
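
The following is an added example, not part of the original question or answer: a simplified server-name check in the style of RFC 6125, run against the SAN entries of the server certificate shown in the question, to show which connect targets that certificate covers. The function names are hypothetical, and real TLS libraries apply further rules (for example for partial wildcards and internationalized names).

```python
import ipaddress

# SAN entries and CN copied from the server certificate dump in the question.
SERVER_SAN = [
    ("IP", "34.245.0.159"),
    ("DNS", "ec2-34-245-0-159.eu-west-1.compute.amazonaws.com"),
    ("DNS", "ip-172-31-45-21"),
]
SERVER_CN = "34.245.0.159"


def _dns_match(pattern, host):
    """Case-insensitive label match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def name_matches(target, san, cn=None):
    """Return True if the name the client connects to is covered by the certificate."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only with iPAddress entries, never with DNS names.
        return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in san)
    dns = [v for k, v in san if k == "DNS"]
    if dns:
        return any(_dns_match(v, target) for v in dns)
    # Legacy fallback: the CN is consulted only when there is no DNS SAN at all.
    return cn is not None and _dns_match(cn, target)


if __name__ == "__main__":
    # Constructed connect targets; the last one is the placeholder name from the answer.
    for t in ("34.245.0.159",
              "ec2-34-245-0-159.eu-west-1.compute.amazonaws.com",
              "your.mosquitto-server.com"):
        print(t, "->", name_matches(t, SERVER_SAN, SERVER_CN))
```

A client that connects using a name absent from the certificate (the last target above) fails this check even though the chain itself validates against the CA.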
