Thanks James for your suggestion. So according to you, I must use the domain name and not the IP address anymore in my request. Thanks again.
On Friday, November 10, 2017 at 11:09:59 PM UTC+5:30, James Schneider wrote: > > > > On Nov 10, 2017 3:45 AM, "Rahul Paul" <[email protected] <javascript:>> > wrote: > > Hi, > > I am using requests package to send a post request to an API within my > application. > > I am using the request as : > > *requests.post("https://xx.xxx.xxx.xxx/my-admin/api/api2 > <https://xx.xxx.xxx.xxx/my-admin/api/api2>", data=data)* > > where "xx.xxx.xxx.xxx" is the IP of my server on which this API is hosted. > > When I am trying to call this API from my application, django is raising > an exception as follows: > > *SSLError: hostname 'xx.xxx.xxx.xxx' doesn't match 'xxx.com > <http://xxx.com>'* > > But when I put the domain name in the request i.e. "xxx.com", it gives me > proper result. Also when I put verify=False along with the request, my > application gives me proper result even with IP addess in the request. > However the very same API is returning proper result with both --- IP > address and domain name. > > > This is how SSL/TLS works. The certificate is based on the domain name in > the CN or SAN fields. It will never work with just an IP address and a > valid publicity signed certificate. If your CA is signing certificates with > IP's instead of or in addition to names, I would start a campaign to have > them shut down. > > > My server has a CA signed certificate but the DNS have forward entry but > doesnot have a PTR entry. I have also verified with digicert.com and > found that when I am entering the domain name, it is giving proper IP > address but when I am giving IP address, it is not able to resolve the > domain name. > > This API was functioning working correctly with IP address when we had > self signed certificate. > > > No, it didn't. That would indicate that you imported the self-signed CA > certificate into your trusted CA store. It would also mean that the > certificate was generated using the IP as the value of the CN or SAN. No > SSL library does that without a lot of coaxing, if it's even possible > anymore. > > > > Also I am using nginx-gunicorn to run my application. > > Please help me with understanding why this is happening and what are the > best possible solutions for this problem. > > > There is no problem to solve, you are just experiencing the joys of SSL, > and there are many. ;-) > > Just make it a point to use the name. > > -James > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/47237f58-6ee1-4e8d-a4eb-5fdece004995%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
