2
I am trying to create an SSL certificate for a server which will work internally without giving warnings in Chrome. I've created it using SAN with multiple Subject Alt Names of localhost and the IP address. For some reason it works at localhost but it gives an error using the IP address in both curl
and Chrome.
$ curl https://192.168.1.50
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
$ curl https://localhost
<a href="https://localhost:9090/">Moved Permanently</a>.
Checking it on the command-line shows both names under the SAN section, so I'm not sure why this doesn't work:
$ openssl x509 -text -noout -in server.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8d:93:a1:be:d1:03:8f:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=California, L=Los Angeles, O=Alt Systems, OU=Internal, CN=Elliott/emailAddress=xxxxxx
Validity
Not Before: Nov 5 21:32:19 2019 GMT
Not After : Mar 19 21:32:19 2021 GMT
Subject: C=US, ST=CA, L=Los Angeles, O=Alt Systems, OU=Internal/emailAddress=xxxxxx, CN=alt-pix-la
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:53:b6:0b:f0:94:c1:a8:26:93:79:5a:45:86:
36:ac:60:c2:40:a2:bf:25:69:90:9f:8b:b9:3f:63:
30:ae:48:cc:f9:f0:9d:d4:15:3d:1c:20:bc:29:6f:
57:8f:7d:e9:a5:db:2b:2c:ac:1a:6f:6d:b9:17:98:
0e:a0:17:1f:3e:28:4e:42:bd:af:2e:54:dd:ec:ff:
7b:00:a5:ed:59:97:8a:6f:95:04:c9:eb:3a:6c:ec:
9e:c9:7e:12:ee:ce:cc:be:b7:c1:d3:fe:f6:cf:1d:
0d:68:07:68:52:7a:30:5f:f1:29:36:64:b2:a5:e8:
5e:a7:f9:75:ab:4b:aa:4b:12:aa:44:59:a3:df:18:
45:81:52:b1:4d:00:a4:f2:eb:7e:0d:3e:05:f9:94:
1a:aa:e4:2e:9a:ee:0c:59:91:b9:63:f3:5d:98:3b:
32:4e:f7:1b:47:e5:a7:54:5c:ba:75:9b:88:09:07:
cc:93:06:c3:8a:76:78:83:98:69:1a:8b:e2:fd:cf:
70:51:35:09:ba:67:ca:c1:81:f4:65:72:0a:15:7a:
12:2d:bc:65:04:7f:b8:c3:22:2b:79:8d:9a:62:54:
d2:89:3f:4a:02:72:36:27:6c:ad:50:4d:96:e5:a1:
df:8b:fe:51:0b:67:1b:44:4e:57:fc:bb:d7:1d:77:
9f:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:BC:39:94:F0:DC:DF:5D:8E:12:E1:DA:5F:8F:7C:C8:02:B4:0E:19:19
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Alternative Name:
DNS:localhost, DNS:192.168.1.50
Signature Algorithm: sha256WithRSAEncryption
54:8e:98:93:53:c2:af:fc:b7:03:5c:6d:d3:7d:9a:d9:2f:99:
ac:29:dc:0f:02:55:36:9e:70:57:68:df:27:5f:5e:a8:43:05:
ff:a4:7e:bd:15:99:ff:aa:67:35:93:90:35:e0:e7:20:b4:77:
7c:bf:6f:29:13:46:fc:56:81:58:60:67:14:ae:a1:1b:44:80:
92:81:7f:ed:5c:bc:75:36:a9:11:52:9b:28:e1:18:d6:a4:17:
35:13:6c:bd:be:64:db:70:a5:d4:7f:3e:16:26:73:f9:27:ed:
7b:03:44:b3:59:2d:53:8d:e2:77:f1:6d:8d:21:c0:d0:2c:96:
27:0c:c6:4e:6f:63:35:61:3e:b5:62:05:88:76:b5:99:ca:7d:
64:f9:6b:f4:9b:18:8e:3a:77:82:59:d2:13:c0:14:3c:0a:dc:
8d:82:38:ca:af:e9:43:06:83:ae:6e:4f:73:29:1d:0a:da:91:
ea:72:f4:26:f3:59:98:8d:ca:1a:ad:19:17:fd:bb:9f:62:bf:
85:e0:12:bd:9b:93:26:73:2b:9a:77:ff:c4:34:29:25:fc:c7:
13:8f:94:b3:28:d7:79:dc:54:57:6c:3d:01:f0:37:5c:a9:28:
23:13:89:7b:c5:63:51:eb:fc:ad:37:d1:31:cf:f4:2f:8c:9c:
5f:35:07:79
Thank you! Just figured this out as you were typing. I was going to delete the question but now that you've answered I will leave it. – Elliott B – 2019-11-05T21:48:14.853