堆栈内存溢出
  简体   繁体   English

使用.cer的curl请求

[英]curl request using a .cer

 原文  2016-08-08 17:26:46       ssl/ ssl-certificate/ hostname/ cer

问题描述

I am new to ssl and openssl. 我是ssl和openssl的新手。 I am trying to generate a curl request using a .cer file (without using the -k or -insecure flags). 我正在尝试使用.cer文件生成卷曲请求(不使用-k或-insecure标志)。 After generating the .pem file, I tried to issue the POST request the following way: curl --cacert certificate.pem -XPOST " https://server_ip:server_port?obj1=okay " 生成.pem文件后,我尝试按以下方式发出POST请求:curl --cacert certificate.pem -XPOST“ https:// server_ip:server_port?obj1 = okay

When I use my server IP address, I get the error message: curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate. 当我使用我的服务器IP地址时,收到错误消息:curl:(51)无法与对等方安全通信:请求的域名与服务器的证书不匹配。

If I use localhost.localdomain instead of the server_ip, the request is generated correctly. 如果我使用localhost.localdomain而不是server_ip,则会正确生成请求。

I understand that ssl certificate can only certify one hostname. 我知道ssl证书只能证明一个主机名。 Is there a way to change the hostname to the server's ip address instead of localhost.localdomain? 有没有办法将主机名更改为服务器的IP地址而不是localhost.localdomain?

Thank you 谢谢

1 个解决方案

解决方案1
 0  2016-08-08 17:34:28

If I use localhost.localdomain instead of the server_ip, the request is generated correctly. 如果我使用localhost.localdomain而不是server_ip,则会正确生成请求。

You must access a host using a host name that the certificate has been issued for. 您必须使用已颁发证书的主机名访问主机。 There really isn't much of a way around that with curl other than to use -insecure as you already specified you didn't want to do. 除了使用-insecure之外,还有很多方法可以解决这个问题,因为你已经指定了你不想做的事情。

I understand that ssl certificate can only certify one hostname. 我知道ssl证书只能证明一个主机名。

Most user agents, and just about all browsers, support Subject Alternative Names, which lets you specify many. 大多数用户代理和几乎所有浏览器都支持主题备用名称,它允许您指定多个。 Browsers will usually read the first 100 SANs. 浏览器通常会读取前100个SAN。 SANs can even support IP addresses. SAN甚至可以支持IP地址。

Is there a way to change the hostname to the server's ip address instead of localhost.localdomain 有没有办法将主机名更改为服务器的IP地址而不是localhost.localdomain

Usually that is done through DNS. 通常这是通过DNS完成的。 Though, since it looks like you are trying to use a loopback, you might just be able to edit your HOSTS file to contain whatever name you want to point to a loopback address. 虽然,因为看起来您正在尝试使用环回,但您可能只能编辑HOSTS文件以包含您想要指向环回地址的任何名称。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 .cer 客户端证书来执行这样的 cURL 请求? - How to use a .cer client certificate in order to perform a cURL request like this? 如何将.CER 与 curl_easy_setopt 一起使用 - how to use .CER with curl_easy_setopt 不带https方案的带有.key和.cer的HTTP请求 - HTTP Request with .key and .cer without https scheme 只能由Apache2 Web服务器上的CURL访问CER证书 - Make a CER Certificate accessible only by CURL on Apache2 Web-Server 使用.cer而不是.p12对android上的服务器进行身份验证 - Using a .cer instead of a .p12 to authenticate to a server on android 使用证书.cer连接到Java Project中的Web服务 - Connect to Web Service in Java Project using a certificate .cer 使用 Guzzle 通过 Curl 请求传递客户端证书 - Passing client certificates through Curl request using Guzzle cURL SSL 请求失败 - cURL SSL request fails cURL SSL请求失败 - cURL SSL Request Failure CURL请求崩溃SSL - CURL Request crashes SSL
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM