How to alias an SSL certificate common name?


Unfortunately there is not a way to do what you want, outside of obtaining a new certificate which contains e.g. Subject Alternative Name (SAN) extensions for the other DNS names/IP addresses by which your TLS client would contact that server.

The reason is that this "aliasing" needs to be trustable by the X509 verification process, and the only thing that makes for trustable binding of information -- including aliases like "this subject/cert is also associated with DNS name site.example.com and IP address 1.2.3.4" -- is to have these aliases/associations contained within the certificate itself. The verification process trusts the signing certificate, and thus the issuing certificate's signature needs to encompass everything about that subject, including aliases. Everything that the issuing certificate asserts to be valid is contained within the certificate itself.

Another way to think about this is "if it's not signed by the issuing certificate, then it can't be trusted".
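To see the point in practice, here is an added shell example (not part of the original answer) that mints a self-signed certificate whose Subject Alternative Name binds it to both a DNS name and an IP address, then runs the same kind of identity check a TLS client performs. The CN, DNS names and IP address are constructed for the example; it assumes `openssl` 1.1.1 or later on the PATH.

```shell
# Constructed example: CN, DNS names and IP below are made up. Requires
# OpenSSL >= 1.1.1 (for "req -addext" and "x509 -ext").
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/testcert.pem"
KEY="$WORK/testcert.key"

# Mint a self-signed certificate: CN=id23946 as in the question, plus a
# subjectAltName that binds the certificate to the DNS names and the IP a
# client will use. Because the SAN sits inside the signed certificate, a
# verifier can trust those bindings; an alias kept outside it could not be.
make_cert() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -sha256 -days 30 -keyout "$KEY" -out "$CERT" \
    -subj "/CN=id23946" \
    -addext "subjectAltName=DNS:id23946,DNS:site.example.com,IP:1.2.3.4" \
    >/dev/null 2>&1
}

# Print the SAN extension so the signed bindings can be inspected.
show_san() { openssl x509 -in "$CERT" -noout -ext subjectAltName; }

# Verify the certificate for a given identity the way a TLS client would:
# the cert is its own trust anchor (-CAfile) and the identity must appear in
# the SAN. Prints "ok" or "fail"; the return status matches.
verify_ip() {
  if openssl verify -CAfile "$CERT" -verify_ip "$1" "$CERT" >/dev/null 2>&1
  then echo ok; else echo fail; return 1; fi
}
verify_host() {
  if openssl verify -CAfile "$CERT" -verify_hostname "$1" "$CERT" >/dev/null 2>&1
  then echo ok; else echo fail; return 1; fi
}

make_cert
show_san
verify_ip   1.2.3.4                    # ok: the IP is inside the signed SAN
verify_ip   5.6.7.8           || true  # fail: nothing outside the signature counts
verify_host site.example.com           # ok: DNS name is inside the signed SAN
verify_host other.example.com || true  # fail: no local alias file can add this
```

A `curl --cacert testcert.pem https://1.2.3.4/` against a server presenting this certificate passes for the same reason: curl performs the same SAN match, and the IP is covered by the signature.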


Author: Benubird

Updated on September 18, 2022

Comments

  • Benubird (over 1 year ago)

    I have a server, which has a self-signed certificate, which I am trying to securely access. I've got the certificate by looking at the output from openssl s_client -connect <ip>, and copied it to testcert.pem, which I then tried to use with curl --cacert testcert.pem <url>. However, this didn't work, and my research has led me to believe that the problem may be the line in the certificate that reads Subject: CN=id23946.

    Apparently, I need to store an alias somewhere on my system linking id23946 to the ip address, but I can't find any information on how to do that. So, how do I do it? How do I make curl verify this certificate as valid?

    Edit: I am aware that I can connect to the server by adding <ip> id23946 to my hosts file and then using id23946 as the address, but I would really prefer to be able to connect directly to the server's actual address, without having to modify the server certificate. Is there any way to do that?