项目中有时候需要访问https网站,但如果该网站使用的是自建证书,那client端验证server端证书时,有时候会报错:
x509: cannot validate certificate for xxx because it doesn't contain any IP SANs
碰到这种情况,可以使用下面的方法来解决:
- server端,在生成证书时添加subjectAltName
- clinet端,有两种方法:
- 不适用IP直接方法,通过修改hosts的方式进行域名映射
- 不进行https的双向验证,以go为例:
client := &http.Client{Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}}
声明:本作品采用署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0)进行许可,使用时请注明出处。
Author: mengbin
blog: mengbin
Github: mengbin92
cnblogs: 恋水无意
- certificate validate because contain cannotcertificate validate because contain quot hashcode because cannot filenotfoundexception resource because cannot rejected contains updates because verification because cannot failed resource because cannot opened certificate validation according procedure certificate expired docker valid spring-mvc because spring cannot baseurl方法cannot valid