SSL error "Expected server name was not found in the chain." - PullRequest
0 votes
/ January 27, 2020

Trying to connect to a secure MQTT broker. Got this error:

Expected server name was not found in the chain.

What is actually wrong there? Does this mean that the self-signed CA certificate does not contain hostname information?

CA certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:51
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
        Validity
            Not Before: Jan 26 20:52:34 2020 GMT
            Not After : Jan 25 20:52:34 2021 GMT
        Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0d:d2:2f:a6:90:40:2e:c5:89:eb:63:f1:ab:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Key Identifier:
                89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
            X509v3 Authority Key Identifier:
                keyid:89:18:C2:70:17:6B:FB:CE:5B:DF:D0:AA:66:23:E3:44:71:23:E4:DE
                DirName:/C=US/ST=California/L=Hawthorne/O=PhilNet/CN=34.245.0.159
                serial:25:31:48:1F:D0:21:0C:99:89:E3:0B:DB:3E:6A:34:95:CE:E8:FD:51

            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign
            X509v3 Subject Alternative Name:
                IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
    Signature Algorithm: sha1WithRSAEncryption
         4c:41:d3:bb:c7:db:a3:57:91:c2:ef:41:1a:10:a0:34:90:ff:
         ...

Server certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:52
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
        Validity
            Not Before: Jan 26 20:52:34 2020 GMT
            Not After : Jan 25 20:52:34 2021 GMT
        Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:64:50:6a:9a:7c:90:d8:a6:71:8b:ca:c4:30:
                    ...

                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                A4:DF:EB:2B:6E:B8:07:62:D7:00:10:95:28:78:7D:FD:A3:D2:78:7E
            X509v3 Subject Alternative Name:
                IP Address:34.245.0.159, DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, DNS:ip-172-31-45-21
    Signature Algorithm: sha1WithRSAEncryption
         0b:40:b4:65:7b:8a:21:70:3f:4c:4e:49:61:9b:09:75:d6:d3:

Client certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:31:48:1f:d0:21:0c:99:89:e3:0b:db:3e:6a:34:95:ce:e8:fd:53
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 34.245.0.159
        Validity
            Not Before: Jan 26 20:52:35 2020 GMT
            Not After : Jan 25 20:52:35 2021 GMT
        Subject: C = US, ST = California, L = Hawthorne, O = PhilNet, CN = 192.168.1.110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:43:55:fa:97:a1:23:2b:58:d0:64:2b:e6:6b:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                1B:3F:DD:36:F4:5D:48:FD:6F:DF:58:6F:FE:BE:3A:C3:37:BD:93:77
            X509v3 Subject Alternative Name:
                IP Address:192.168.1.110
    Signature Algorithm: sha1WithRSAEncryption
         31:48:a6:1c:c8:39:57:91:8c:09:4e:7e:33:09:df:7a:a7:d9:

How do I fix this?

...
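The server certificate in the question carries three subject alternative names. As an added example (not part of the original question and not code from any MQTT client library), the Python below shows the type-aware comparison a verifying TLS client makes between the address it was told to dial and those entries. The function names are hypothetical, the wildcard rule is a simplified assumption, and the question does not show which address the client actually used.

```python
import ipaddress

# SAN line copied from the server certificate dump in the question.
SERVER_SAN = ("IP Address:34.245.0.159, "
              "DNS:ec2-34-245-0-159.eu-west-1.compute.amazonaws.com, "
              "DNS:ip-172-31-45-21")

def parse_san(line):
    """Split an `openssl x509 -text` SAN line into (type, value) pairs."""
    entries = []
    for item in line.split(","):
        # Split on the first ':' only, so IPv6 values keep their colons.
        kind, _, value = item.strip().partition(":")
        if kind and value:
            entries.append((kind, value))
    return entries

def dns_matches(pattern, host):
    """Case-insensitive dNSName match. Assumption: '*' may replace only the
    whole leftmost label, and only when at least two labels follow it."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def target_matches(target, san_entries):
    """True if the dialled name is covered by a SAN entry of the same type."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    for kind, value in san_entries:
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and dns_matches(value, target):
            return True
    return False

if __name__ == "__main__":
    sans = parse_san(SERVER_SAN)
    # Constructed list of addresses a client might be configured with.
    for target in ("34.245.0.159", "ip-172-31-45-21", "172.31.45.21", "localhost"):
        print(f"{target:20} covered by SAN: {target_matches(target, sans)}")
```

An IP literal is compared only against `IP Address` entries and a host name only against `DNS` entries, so dialling `172.31.45.21` is not covered even though `ip-172-31-45-21` appears in the certificate.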