Solution for x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs:
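I. Edit openssl.cnf and add the following under [v3_ca]: subjectAltName = IP:<IP address>
Note: just write 123.56.157.144 directly; there is no need to change it to a 192 address or any other address.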
[ v3_ca ]
subjectAltName = IP:123.56.157.144
II. Generate the certificate files (one-way server authentication, as follows)
1, openssl genrsa -out ca.key 2048
2, openssl req -x509 -new -nodes -key ca.key -subj "/CN=tonybai.com" -days 5000 -out ca.crt
3, openssl genrsa -out server.key 2048
4, openssl req -new -key server.key -subj "/CN=tonybai.com" -out server.csr
5, openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 5000
tonybai.com in step 4 is the domain name that the code will access.
III. Edit /etc/hosts and add 192.168.1.41 tonybai.com
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.41 tonybai.com
IV. The client code is as follows:

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"os"
)

func main() {
	// Trust only the CA certificate generated in part II.
	pool := x509.NewCertPool()
	caCertPath := "ca.crt"
	caCrt, err := os.ReadFile(caCertPath)
	if err != nil {
		fmt.Println("ReadFile err:", err)
		return
	}
	// AppendCertsFromPEM reports false when no certificate could be parsed.
	if !pool.AppendCertsFromPEM(caCrt) {
		fmt.Println("no certificates found in", caCertPath)
		return
	}
	tr := &http.Transport{
		TLSClientConfig:    &tls.Config{RootCAs: pool},
		DisableCompression: true,
	}
	client := &http.Client{Transport: tr}
	// resp, err := client.Get("https://192.168.1.41:8081")
	// Using the IP address instead produces the error below:
	// Get error: Get https://192.168.1.41:8000: x509: cannot validate certificate for 192.168.1.41 because it doesn't contain any IP SANs
	resp, err := client.Get("https://tonybai.com:8081")
	if err != nil {
		fmt.Println("Get error:", err)
		return
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		fmt.Println("ReadAll err:", err)
		return
	}
	fmt.Println(string(body))
}
V. The server code is as follows:

package main

import (
	"fmt"
	"log"
	"net/http"
)

func handler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w,
		"Hi, This is an example of http service in golang!")
}

func handler2(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w,
		"Hi, This is an example of http service in golang2222!")
}

func main() {
	http.HandleFunc("/h2", handler2)
	http.HandleFunc("/", handler)
	// ListenAndServeTLS only returns on failure (for example a missing server.crt), so report it.
	log.Fatal(http.ListenAndServeTLS(":8081",
		"server.crt", "server.key", nil))
}
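
As an added example (not code from the original post), the Go program below shows how crypto/x509 matches the host in the URL against a certificate's SANs: an IP literal is compared with IP SANs only, which is where the error in the title comes from, and since Go 1.15 a certificate that carries only a Common Name is rejected by default even when dialed by name. It assumes a throwaway self-signed ECDSA certificate placed directly in the root pool instead of the ca.crt/server.crt pair above; verifyAs is a hypothetical helper name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// verifyAs (hypothetical helper) self-signs a throwaway CN=tonybai.com certificate with the given
// SANs, trusts it as a root and validates it for the URL host. Assumption: ECDSA, no separate CA.
func verifyAs(host string, dns []string, ips []net.IP) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "tonybai.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dns, // becomes subjectAltName = DNS:...
		IPAddresses:  ips, // becomes subjectAltName = IP:...
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	// 192.168.1.41 and tonybai.com are the sample values used on this page.
	fmt.Println("CN only, by name:", verifyAs("tonybai.com", nil, nil))
	fmt.Println("DNS SAN, by name:", verifyAs("tonybai.com", []string{"tonybai.com"}, nil))
	fmt.Println("DNS SAN, by IP:  ", verifyAs("192.168.1.41", []string{"tonybai.com"}, nil))
	fmt.Println("IP SAN, by IP:   ", verifyAs("192.168.1.41", nil, []net.IP{net.ParseIP("192.168.1.41")}))
}
```

To check which SANs a certificate produced by the openssl commands above actually carries, look at the X509v3 Subject Alternative Name section printed by openssl x509 -in server.crt -noout -text.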