
I am getting this error in my device:

javax.net.ssl.SSLException: hostname in certificate didn't match: <ec2-5-43-58-857.us-east-2.compute.amazonaws.com> != <na>

So I did some research and found I could set an alternative IP address in an OpenSSL config and then generate new keys/certs.

This is my config

[ubuntu@ip-172-31-25-95 ~] 2020-10-09 14:19:07$ cat san.cfg
[req]
default_bits  = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = 120.0.0.1: Self-signed certificate
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = ec2-5-43-58-857.us-east-2.compute.amazonaws.com

But when I run:

sudo openssl req -x509 -days 36500 -newkey rsa:2048 -keyout ./key_elastic.pem -out ./cert_elastic.pem -config ./san.cfg

I get this error:

140515677422016:error:220A4076:X509 V3 routines:a2i_GENERAL_NAME:bad ip address:../crypto/x509v3/v3_alt.c:457:value=ec2-5-43-58-857.us-east-2.compute.amazonaws.com
140515677422016:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=@alt_names

Mind you, everything was working fine until I switched to an elastic IP address for the server. I made new keys the same way I did before. But then I got the first device error I mentioned at the top of the post.

1 Answer

[alt_names]
IP.1 = ec2-5-43-58-857.us-east-2.compute.amazonaws.com

IP.1 expects an IP address, i.e. something like 10.11.12.13. You've given a domain name instead. In this case use DNS.1 not IP.1.

Steffen Ullrich
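The two failures in the question are the same mistake seen from two sides: `openssl req` rejects a hostname under `IP.n` (`a2i_GENERAL_NAME:bad ip address`), and a client that does get a certificate whose SAN does not list the name it connected to reports `hostname in certificate didn't match`. The script below is an added example, not code from the question or the answer. It is a small lint for the `[alt_names]` section that applies the same rule OpenSSL does (`IP.n` must parse as an IP address, a hostname belongs under `DNS.n`), rewrites the offending entry, and then runs an RFC 6125 style hostname match over the result so you can see, before generating anything, which names the certificate would actually cover. The sample config is the asker's `san.cfg` embedded as a string; the function names and the `HOSTNAME_RE` pattern are this example's own.

```python
import ipaddress
import re

# Constructed sample: the asker's san.cfg, with the entry that makes
# `openssl req` fail (a hostname under IP.1).
SAN_CFG = """[req]
default_bits  = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
commonName = 120.0.0.1: Self-signed certificate
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = ec2-5-43-58-857.us-east-2.compute.amazonaws.com
"""

# One to 63 characters per label, optional leading wildcard label, 253 total.
HOSTNAME_RE = re.compile(r'^(?=.{1,253}$)(\*\.)?([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$')


def parse_alt_names(cfg_text):
    """Return the (key, value) pairs of the [alt_names] section, in file order."""
    pairs, in_section = [], False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('['):
            in_section = (line == '[alt_names]')
            continue
        if in_section and '=' in line:
            key, _, value = line.partition('=')
            pairs.append((key.strip(), value.strip()))
    return pairs


def check_alt_names(pairs):
    """Classify entries the way OpenSSL's a2i_GENERAL_NAME does: IP.n must be an
    IP literal, DNS.n a hostname. Returns (key, value, problem_or_None) per entry."""
    findings = []
    for key, value in pairs:
        kind, problem = key.split('.')[0], None
        if kind == 'IP':
            try:
                ipaddress.ip_address(value)
            except ValueError:
                hint = ' (use DNS.n)' if HOSTNAME_RE.match(value) else ''
                problem = f'bad ip address: {value!r}{hint}'
        elif kind == 'DNS':
            if not HOSTNAME_RE.match(value):
                problem = f'not a valid hostname: {value!r}'
        else:
            problem = f'unsupported type {kind!r}'
        findings.append((key, value, problem))
    return findings


def fixed_alt_names(pairs):
    """Move hostnames filed under IP.n to DNS.n and renumber each type from 1."""
    counters, out = {'IP': 0, 'DNS': 0}, ['[alt_names]']
    for key, value in pairs:
        kind = key.split('.')[0]
        if kind == 'IP':
            try:
                ipaddress.ip_address(value)
            except ValueError:
                if HOSTNAME_RE.match(value):
                    kind = 'DNS'
        if kind not in counters:          # pass anything else through untouched
            out.append(f'{key} = {value}')
            continue
        counters[kind] += 1
        out.append(f'{kind}.{counters[kind]} = {value}')
    return out


def matches_hostname(pairs, host):
    """RFC 6125 style match against the SAN only (the CN is ignored once a SAN
    exists): DNS entries match case-insensitively, a leading '*.' matches exactly
    one label, IP entries match an IP literal exactly."""
    try:
        wanted_ip = ipaddress.ip_address(host)
    except ValueError:
        wanted_ip = None
    host_l = host.lower().rstrip('.')
    for key, value in pairs:
        kind = key.split('.')[0]
        if kind == 'IP' and wanted_ip is not None:
            try:
                if ipaddress.ip_address(value) == wanted_ip:
                    return True
            except ValueError:
                continue
        elif kind == 'DNS' and wanted_ip is None:
            pat = value.lower().rstrip('.')
            if pat.startswith('*.'):
                suffix, head = pat[1:], host_l[:-len(pat) + 1]
                if host_l.endswith(suffix) and head and '.' not in head:
                    return True
            elif pat == host_l:
                return True
    return False


if __name__ == '__main__':
    pairs = parse_alt_names(SAN_CFG)
    for key, value, problem in check_alt_names(pairs):
        print(f'{key} = {value}: {problem or "ok"}')
    print('\n'.join(fixed_alt_names(pairs)))
```

Running it against the asker's config reports the `IP.1` entry as a bad IP address with the `DNS.n` hint and prints the corrected `[alt_names]` block; `matches_hostname` on the corrected block returns true for the EC2 hostname, which is the check the device was failing. If the device also connects by the elastic IP itself, that literal needs its own `IP.n` line, since a `DNS` entry never matches an IP literal.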