I am new to CURL world, coming from Windows + .NET domain.
Trying to access Rest API for basic authentication at http://www.evercam.io/docs/api/v1/authentication.
curl -X GET https://api.evercam.io/v1/... \
-u {username}
Don't know how to use this command on windows command prompt after having CURL setup successfully. Tested CURL as follows:
C:\>curl --version
curl 7.33.0 (x86_64-pc-win32) libcurl/7.33.0 OpenSSL/0.9.8y zlib/1.2.8 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate Largefile NTLM SSL SSPI libz
Now I am ending with this
C:\>curl -u myuser:mypassword -X GET https://api.evercam.io/v1/
curl: (51) SSL: no alternative certificate subject name matches target host name 'api.evercam.io'
How can I fix this SSL issue 51 error?
asked Dec 30, 2013 at 15:59
theGeekster
It usually happens when the certificate does not match with the host name.
The solution would be to contact the host and ask it to fix its certificate.
Otherwise you can turn off cURL's verification of the certificate, use the -k (or --insecure) option.
Please note that as the option said, it is insecure. You shouldn't use this option because it allows man-in-the-middle attacks and defeats the purpose of HTTPS.
More can be found in here: http://curl.haxx.se/docs/sslcerts.html
answered Dec 30, 2013 at 16:30
Sabuj Hassan
Editor's note: this is a very dangerous approach, if you are using a version of PHP old enough to use it. It opens your code to man-in-the-middle attacks and removes one of the primary purposes of an encrypted connection. The ability to do this has been removed from modern versions of PHP because it is so dangerous. The only reason this has been upvoted 70 times is because people are lazy. DO NOT DO THIS.
I know it's a (very) old question and it's about command line, but when I searched Google for "SSL: no alternative certificate subject name matches target host name", this was the first hit.
It took me a good while to figure out the answer so hope this saves someone a lot of time! In PHP add this to your cUrl setopts:
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
p.s: this should be a temporary solution. Since this is a certificate error, best thing is to have the certificate fixed of course!
answered Feb 29, năm nhâm thìn at 17:04
JD_N_PHP
The common name in the certificate for api.evercam.io is for *.herokuapp.com and there are no alternative subject names in the certificate. This means that the certificate for api.evercam.io does not match the hostname and therefore the certificate verification fails.
The same is true for www.evercam.io, e.g. try https://www.evercam.io with a browser and you get the error message that the name in the certificate does not match the hostname.
So it is a problem which needs to be fixed by evercam.io. If you don't care about security, man-in-the-middle attacks etc. you might disable verification of the certificate (curl --insecure), but then you should ask yourself why you use https instead of http at all.
answered Dec 30, 2013 at 16:30
Steffen Ullrich
It might save some time for somebody.
If you use GuzzleHttp and you face this error message cURL error 60: SSL: no alternative certificate subject name matches target host name and you are fine with the 'insecure' solution (not recommended on production) then you have to add
\GuzzleHttp\RequestOptions::VERIFY => false
to the client configuration:
$this->client = new \GuzzleHttp\Client([
    'base_uri' => 'someAccessPoint',
    \GuzzleHttp\RequestOptions::HEADERS => [
        'User-Agent' => 'some-special-agent',
    ],
    'defaults' => [
        \GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
        \GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true,
    ],
    \GuzzleHttp\RequestOptions::VERIFY => false,
]);
which sets CURLOPT_SSL_VERIFYHOST to 0 and CURLOPT_SSL_VERIFYPEER to false in the CurlFactory::applyHandlerOptions() method
$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = false;
From the GuzzleHttp documentation
verify
Describes the SSL certificate verification behavior of a request.
- Set to true to enable SSL certificate verification and use the default CA bundle provided by operating system.
- Set to false to disable certificate verification (this is insecure!).
- Set to a string to provide the path to a CA bundle to enable verification using a custom certificate.
answered May 10, 2019 at 14:34
Zoltán Süle
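A check a reviewer could run over a code base to find the three verification-disabling settings shown in the answers above (curl's -k/--insecure, the two CURLOPT_SSL_VERIFY* options, and Guzzle's verify => false). This is an added example, not part of any answer; the rule names and the sample lines are constructed.

```python
import re

# One rule per way of switching certificate verification off shown on this page.
RULES = [
    # curl command line: -k or --insecure as a standalone argument.
    ("curl-insecure-flag",
     re.compile(r"\bcurl(?:\.exe)?\s.*?(?<!\S)(?:-k|--insecure)(?!\S)")),
    # PHP cURL: curl_setopt(..., CURLOPT_SSL_VERIFYx, false) or $conf[...] = 0.
    ("curlopt-verify-off",
     re.compile(r"CURLOPT_SSL_VERIFY(?:HOST|PEER)\s*(?:,|\]\s*=|=>)\s*(?:false|0)\b",
                re.IGNORECASE)),
    # Guzzle: RequestOptions::VERIFY => false or 'verify' => false.
    ("guzzle-verify-off",
     re.compile(r"(?:RequestOptions::VERIFY|['\"]verify['\"])\s*=>\s*false\b",
                re.IGNORECASE)),
]


def scan(lines):
    """Return (line_number, rule_name) for every line that disables verification."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, name))
    return findings


# Constructed sample input: a mix of safe and unsafe lines.
SAMPLE = [
    r"curl -u user https://api.example.test/v1/",
    r"curl -k -u user https://api.example.test/v1/",
    r"curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);",
    r"curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);",
    r"$conf[CURLOPT_SSL_VERIFYPEER] = false;",
    r"\GuzzleHttp\RequestOptions::VERIFY => false,",
    r"'verify' => '/etc/ssl/certs/ca-bundle.pem',",
]

if __name__ == "__main__":
    for number, name in scan(SAMPLE):
        print(f"line {number}: {name}: {SAMPLE[number - 1]}")
```

The last sample line, a CA bundle path for verify, is the documented way to trust a custom certificate and is not reported.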
I had the same issue. In my case I was using digitalocean and nginx.
I have first setup a domain example.app and a subdomain dev.example.app in digitalocean.
Second, I purchased two SSL certificates from godaddy.
And finally, I configured two domains in nginx to use those two SSL certificates with the following snippet
My example.app domain config
server {
    listen 7000 default_server;
    listen [::]:7000 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    root /srv/nodejs/echantillonnage1;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name echantillonnage.app;
    ssl_certificate /srv/nodejs/certificatSsl/widcardcertificate/echantillonnage.app.chained.crt;
    ssl_certificate_key /srv/nodejs/certificatSsl/widcardcertificate/echantillonnage.app.key;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        proxy_pass http://127.0.0.1:8090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        #try_files $uri $uri/ =404;
    }
}
My dev.example.app
server {
    listen 7000 default_server;
    listen [::]:7000 default_server;
    listen 444 ssl default_server;
    listen [::]:444 ssl default_server;
    root /srv/nodejs/echantillonnage1;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name dev.echantillonnage.app;
    ssl_certificate /srv/nodejs/certificatSsl/dev/dev.echantillonnage.app.chained.crt;
    ssl_certificate_key /srv/nodejs/certificatSsl/dev/dev.echantillonnage.app.key;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        proxy_pass http://127.0.0.1:8091;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        #try_files $uri $uri/ =404;
    }
}
When I was launching https://dev.echantillonnage.app, I was getting
Fix CURL (51) SSL error: no alternative certificate subject name matches
My mistake was the two lines below
listen 444 ssl default_server;
listen [::]:444 ssl default_server;
I had to change this to:
listen 443 ssl;
listen [::]:443 ssl;
answered May 2, 2019 at 4:17
onlyme
As the error code says, "no alternative certificate subject name matches target host name" - so there is an issue with the SSL certificate.
The certificate should include SAN, and only SAN will be used. Some browsers ignore the deprecated Common Name.
RFC 2818 clearly states "If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead."
answered Mar 26, 2019 at 9:17
I did something similar but for the purpose of testing, I had added the main domain name to my /etc/hosts file and kept struggling with it. So make sure you check that file once as well.
answered May 2, 2023 at 8:47
KKM
I used to have the error when CN=example.ex but "Alternative Name" section missed example.ex
Just add example.ex to "Alternative Name"
Alex
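The host name rule quoted from RFC 2818 above, and the CN-versus-"Alternative Name" case in the last answer, worked through as an added example (not code from any answer or from curl). The certificate dictionaries are constructed from the answers' descriptions, and the reason strings are this example's own labels, not curl's messages.

```python
def name_matches(pattern, host):
    """Compare one certificate name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, covering exactly one
        # label, and never directly under a top-level domain ("*.ex").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_hostname(cert, host):
    """Return (ok, reason) for a cert given as {"cn": str, "san_dns": [str]}."""
    san = cert.get("san_dns") or []
    if san:
        # dNSName entries exist, so they are the only identity; CN is ignored.
        ok = any(name_matches(name, host) for name in san)
        return ok, ("san" if ok else "san-mismatch")
    # No dNSName at all: RFC 2818 falls back to the (deprecated) Common Name.
    ok = name_matches(cert.get("cn") or "", host)
    return ok, ("cn-fallback" if ok else "cn-mismatch")


# Constructed certificates mirroring the cases described in the answers.
HEROKU_CERT = {"cn": "*.herokuapp.com", "san_dns": []}
SAN_MISSING_NAME = {"cn": "example.ex", "san_dns": ["www.example.ex"]}
SAN_FIXED = {"cn": "example.ex", "san_dns": ["example.ex", "www.example.ex"]}

if __name__ == "__main__":
    cases = [
        (HEROKU_CERT, "api.evercam.io"),
        (HEROKU_CERT, "myapp.herokuapp.com"),
        (SAN_MISSING_NAME, "example.ex"),
        (SAN_FIXED, "example.ex"),
    ]
    for cert, host in cases:
        print(host, cert, verify_hostname(cert, host))
```

A client that ignores the Common Name entirely, as the answer above says some browsers do, would also reject the cn-fallback case.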