Have you tried with a subjectaltname without the "IP:" Erik
Amol Chiplunkar <[email protected]> wrote: A simple curl client call works with the hostname It does not work with the ip address. I trussed both the calls and they are using the right certificate from the /etc/openssl/certs truststore Which makes me think something is wrong with the openssl conf during the cert generation. I have subjectAltName = IP:<ip address> in the openssl conf file. - Amol On 09/20/11 11:49, Shawn Walker wrote: > On 09/19/11 18:04, Amol Chiplunkar wrote: >> >> subjectAltName does not seem to work with the pkg command. >> I tried with >> subjectAltName = IP:<ip address> >> in the openssl conf file to create the certificate >> >> Also tried >> subjectAltName_default = IP:<ip address> >> >> Both these in combination with ServerAlias <ipaddress> for the Virtual >> Host and without the alias as well. >> It always generates Framework error: code: 51 reason: SSL: certificate >> subject name '<hostname>' does not match target host name '<ip address>' > > libcurl documentation states that: "Curl considers the server the > intended one when the Common Name field or a Subject Alternate Name > field in the certificate matches the host name in the URL to which you > told Curl to connect." > > So this should work. Have you tried using the curl client to retrieve > things via SSL using this server? Does it give you the same errors? > > -Shawn > _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
