Hi, 

Today after patching AIX 7.2 to 7200-05-08, curl stopped working due to the lack of ssl lib 0.9.8.

I updated curl and all its dependencies and curl is failing due to some issue with self-signed certificate.

I downloaded the certificate from the server and put it in /var/ssl/certs, created the link correctly and now I get the error saying that the certificate subject name does not match target hostname.

host: /root > curl https://host:11080
curl: (60) SSL: certificate subject name 'CN' does not match target hostname 'host'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

Is there any way of fixing this besides using -k or --insecure option with curl?

Am I missing something else here?

I downloaded the certificate using curl and openssl, both gave the same result.

Commands used:

curl --head --insecure https://host:11080 -w "%{certs}" -o /dev/null > /tmp/cacert.pem

echo quit | openssl s_client -showcerts -servername host -connect host:11080 > /tmp/cacert.pem

openssl s_client -showcerts -servername host -connect host:11080 < /dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > /tmp/server.pem

All options give me the same result, saying that the subject name 'CN' does not match target hostname 'host'.

Thanks in advance.

this is hardly a curl or aix/openssl problem...The error suggests that the hostname in the the URL does not match match the common name in the certificate.

Hi, 

Today after patching AIX 7.2 to 7200-05-08, curl stopped working due to the lack of ssl lib 0.9.8.

I updated curl and all its dependencies and curl is failing due to some issue with self-signed certificate.

I downloaded the certificate from the server and put it in /var/ssl/certs, created the link correctly and now I get the error saying that the certificate subject name does not match target hostname.

host: /root > curl https://host:11080
curl: (60) SSL: certificate subject name 'CN' does not match target hostname 'host'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

Is there any way of fixing this besides using -k or --insecure option with curl?

Am I missing something else here?

I downloaded the certificate using curl and openssl, both gave the same result.

Commands used:

curl --head --insecure https://host:11080 -w "%{certs}" -o /dev/null > /tmp/cacert.pem

echo quit | openssl s_client -showcerts -servername host -connect host:11080 > /tmp/cacert.pem

openssl s_client -showcerts -servername host -connect host:11080 < /dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > /tmp/server.pem

All options give me the same result, saying that the subject name 'CN' does not match target hostname 'host'.

Thanks in advance.