Sorry, My mistake, there's two things must be highlighted:
The CA cert Common Name must not same to the server/client side cert
The server/client side cert's common name must be same
I'm trying to using self-signed certificate for HTTPS Client side certificate. But, there's a problem " SSL: unable to obtain common name from peer certificate "
As you can see, the server side cert contains Common Name, why this problem occurs?
Here's curl output:
- About to connect() to 127.0.0.1 port 443 (#0)
- Trying 127.0.0.1... connected Enter PEM pass phrase:
- successfully set certificate verify locations:
- CAfile: /home/freeman/dev/git/ca_tools/ca_tools/ssl/CA/secure_ca.crt CApath: /etc/ssl/certs
- SSLv3, TLS handshake, Client hello (1):
- SSLv3, TLS handshake, Server hello (2):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS handshake, Server key exchange (12):
- SSLv3, TLS handshake, Request CERT (13):
- SSLv3, TLS handshake, Server finished (14):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS handshake, Client key exchange (16):
- SSLv3, TLS handshake, CERT verify (15):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSL connection using ECDHE-RSA-AES256-SHA
- Server certificate:
- subject: C=CN; ST=Beijing; L=Beijing; O=XiaoMi
- start date: 2014-05-14 12:50:20 GMT
- expire date: 2024-05-11 12:50:20 GMT
- SSL: unable to obtain common name from peer certificate
- Closing connection #0
- SSLv3, TLS alert, Client hello (1):
Here's
#openssl x509 -in server.crt -text -noout
Certificate: Data: Version: 1 (0x0) Serial Number: 15298562268347408844 (0xd44f6953eb0aa1cc) Signature Algorithm: sha1WithRSAEncryption Issuer: C=CN, ST=Beijing, L=Beijing, O=OKK, OU=Test, CN=MyComp Validity :
