On my RedHat 8 system, wget
fails with error below:
wget -v https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
--2022-12-05 19:40:00-- https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
Connecting to 10.81.72.97:443... connected.
The certificate's owner does not match hostname ‘10.81.72.97’
However I can see that this certificate exists in ca-bundle. It is a self-sign cert.
# openssl crl2pkcs7 -nocrl -certfile /etc/pki/tls/certs/ca-bundle.crt | openssl pkcs7 -print_certs
subject=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97
issuer=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97
Where is wget looking for the cert? And why does it think : The certificate's owner does not match hostname?
답변1
The problem is not a missing CA, the problem is the not matching hostname. Check the Subject Alternative Name fields of the certificate, these are the names the certificate is valid for. Use one of the SAN names instead of the IP address and it will be valid.