在我的 RedHat 8 系统上,wget
出现以下错误:
wget -v https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
--2022-12-05 19:40:00-- https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
Connecting to 10.81.72.97:443... connected.
The certificate's owner does not match hostname ‘10.81.72.97’
但是我可以看到该证书存在于 ca-bundle 中。它是一个自签名证书。
# openssl crl2pkcs7 -nocrl -certfile /etc/pki/tls/certs/ca-bundle.crt | openssl pkcs7 -print_certs
subject=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97
issuer=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97
wget 在哪里寻找证书?为什么它会认为:证书所有者与主机名不匹配?
答案1
问题不是缺少 CA,而是主机名不匹配。检查证书的“主题备用名称”字段,这些是证书有效的名称。使用其中一个 SAN 名称代替 IP 地址,它将有效。