Перейти к содержимому


Pafos

Дата регистрации: 18 Май 2011
Офлайн Последняя активность: Июл 16 2015 06:24
-----

Созданные мной темы

Неправильный SSL сертификат

07 Июль 2015 - 10:03

Заметил, что на некоторых серверах у меня не работает ваше api. Выдает ошибку:

> curl https://api.admitad.com
curl: (51) SSL: no alternative certificate subject name matches target host name 'api.admitad.com'

Сервер почему-то возвращает сертификат для www.admitad.com, а не для *.admitad.com.

 

 

Вот, что выдает curl на машине, где все работает:

> curl -v https://api.admitad.com/
* Hostname was NOT found in DNS cache
*   Trying 212.224.118.164...
* Connected to api.admitad.com (212.224.118.164) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*      subject: OU=GT21564041; OU=See www.rapidssl.com/resources/cps (c)14; OU=Domain Control Validated - RapidSSL(R); CN=*.admitad.com
*      start date: 2014-10-21 19:05:37 GMT
*      expire date: 2015-12-23 18:06:26 GMT
*      subjectAltName: api.admitad.com matched
*      issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
*      SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: api.admitad.com
> Accept: */*
>
< HTTP/1.1 404 NOT FOUND
* Server nginx is not blacklisted
< Server: nginx
< Date: Tue, 07 Jul 2015 06:08:39 GMT
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Vary: Authorization,Host,Accept-Language,Cookie
< Content-Language: ru
<
* Connection #0 to host api.admitad.com left intact
{"error": "Not Found"}

А вот это с машины, где отваливается:

> curl -v https://api.admitad.com/
*   Trying 212.224.118.164...
* Connected to api.admitad.com (212.224.118.164) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* Server certificate:
*      subject: 1.3.6.1.4.1.311.60.2.1.3=DE; 1.3.6.1.4.1.311.60.2.1.1=Muenchen; 2.5.4.15=Private Organization; serialNumber=HRB 193175; C=DE; ST=Baden-Wuerttemberg; L=Heilbronn; O=admitad GmbH; CN=www.admitad.com
*      start date: 2014-12-04 00:00:00 GMT
*      expire date: 2015-12-04 23:59:59 GMT
*      subjectAltName does not match api.admitad.com
* SSL: no alternative certificate subject name matches target host name 'api.admitad.com'
* Closing connection 0
* TLSv1.0 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'api.admitad.com'