每次运行类似命令时,我开始收到以下提示cm status:
cs:630@rep:MyServer@repserver:ssl://<obfuscated>:8088
WARNING: the secure connection hostname provided in the server
certificate doesn't match the server's hostname. This means that the
certificate was not issued to this hostname or that there is a network
configuration problem with this host.
- Certificate hostname: CN=ip-<obfuscated>
- Server hostname: CN=<obfuscated>
If you want to continue connecting to this host, choose 'Yes'. The certificate
validation will continue (not recommended).
If you want to abandon the connection, choose 'No' (recommended).
Choose an option (Y)es, (N)o (hitting Enter selects 'No'): Yes
The server you are connecting to has sent a certificate that is not in the
store. This is normal if it is the first time that you connect to this server.
Certificate details:
- Issued to: CN=ip-<obfuscated>
- Issued by: CN=ip-<obfuscated>
- Expiration date: 6/30/2023 6:15:40 AM
- Certificate hash: <obfuscated>
If you trust this host, choose 'Yes' to add the key to Plastic SCM's key store
(recommended if it is the first time you connect to this server).
If you want to carry on connecting just once, without adding the key to the
store, choose 'No'.
If you do not trust this host, choose 'Cancel' to abandon the connection.
Choose an option (Y)es, (N)o, (C)ancel (hitting Enter cancels): Yes
正如你所看到的,它问了两次,我每次都说是。 GUI 也一样。看来信任关系没有被记住。不确定要检查什么。
可能的解决方案#1:提供与服务器主机名匹配的服务器证书。
当您使用带有服务器短名称的 url ('myserver'),
虽然已为 FQN 颁发了证书(完全限定名称,例如 'myserver.fr.com').
或相反亦然。
这就是为什么当我创建(自签名)证书时,我总是提到完整的subjectAltName,带有短名称和 FQN,如下所示openssl 配置文件 https://github.com/VonC/compileEverything/blob/master/apache/o.cnf.tpl#L24:
[ v3_ca ]
subjectAltName = DNS:@FQN@, DNS:@HOSTNAME@
这样,您的证书就可以匹配多个主机名。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
