I am new đồ sộ CURL world, coming from Windows + .NET tên miền.

Trying đồ sộ access Rest API for basic authentication at http://www.evercam.io/docs/api/v1/authentication.

curl -X GET https://api.evercam.io/v1/... \
-u {username}

Don't know how đồ sộ use this command on windows command prompt after having CURL setup successfully. Tested CURL as follows:

C:\>curl --version
curl 7.33.0 (x86_64-pc-win32) libcurl/7.33.0 OpenSSL/0.9.8y zlib/1.2.8 libssh2/1.4.3
Protocols: dict tệp tin ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp s
ftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate Largefile NTLM SSL SSPI libz

Now i am ending with this

C:\>curl -u myuser:mypassword -X GET https://api.evercam.io/v1/
curl: (51) SSL: no alternative certificate subject name matches target host name 'api.evercam.io'

How can I fix this SSL issue 51 error ?

asked Dec 30, 2013 at 15:59

It usually happens when the certificate does not match with the host name.

The solution would be đồ sộ liên hệ the host and ask it đồ sộ fix its certificate.
Otherwise you can turn off cURL's verification of the certificate, use the -k (or --insecure) option.
Please note that as the option said, it is insecure. You shouldn't use this option because it allows man-in-the-middle attacks and defeats the purpose of HTTPS.

More can be found in here: http://curl.haxx.se/docs/sslcerts.html

miken32

42.7k16 gold badges121 silver badges171 bronze badges

answered Dec 30, 2013 at 16:30

3

Editor's note: this is a very dangerous approach, if you are using a version of PHP old enough đồ sộ use it. It opens your code đồ sộ man-in-the-middle attacks and removes one of the primary purposes of an encrypted connection. The ability đồ sộ tự this has been removed from modern versions of PHP because it is sánh dangerous. The only reason this has been upvoted 70 time is because people are lazy. DO NOT DO THIS.

I know it's a (very) old question and it's about command line, but when I searched Google for "SSL: no alternative certificate subject name matches target host name", this was the first hit.

It took bủ a good while đồ sộ figure out the answer sánh hope this saves someone a lot of time! In PHP add this đồ sộ your cUrl setopts:

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);

p.s: this should be a temporary solution. Since this is a certificate error, best thing is đồ sộ have the certificate fixed ofcourse!

miken32

42.7k16 gold badges121 silver badges171 bronze badges

answered Feb 29, năm nhâm thìn at 17:04

4

The common name in the certicate for api.evercam.io is for *.herokuapp.com and there are no alternative subject names in the certificate. This means, that the certificate for api.evercam.io does not match the hostname and therefore the certificate verification fails. Same as true for www.evercam.io, e.g. try https://www.evercam.io with a browser and you get the error message, that the name in the certificate does not match the hostname.

So it is a problem which needs đồ sộ be fixed by evercam.io. If you don't care about security, man-in-the-middle attacks etc you might disable verification of the certificate (curl --insecure), but then you should ask yourself why you use https instead of http at all.

answered Dec 30, 2013 at 16:30

it might save some time đồ sộ somebody.

If you use GuzzleHttp and you face with this error message cURL error 60: SSL: no alternative certificate subject name matches target host name and you are fine with the 'insecure' solution (not recommended on production) then you have đồ sộ add \GuzzleHttp\RequestOptions::VERIFY => false đồ sộ the client configuration:

$this->client = new \GuzzleHttp\Client([
    'base_uri'                          => 'someAccessPoint',
    \GuzzleHttp\RequestOptions::HEADERS => [
        'User-Agent' => 'some-special-agent',
    ],
    'defaults'                          => [
        \GuzzleHttp\RequestOptions::CONNECT_TIMEOUT => 5,
        \GuzzleHttp\RequestOptions::ALLOW_REDIRECTS => true,
    ],
    \GuzzleHttp\RequestOptions::VERIFY  => false,
]);

which sets CURLOPT_SSL_VERIFYHOST đồ sộ 0 and CURLOPT_SSL_VERIFYPEER đồ sộ false in the CurlFactory::applyHandlerOptions() method

$conf[CURLOPT_SSL_VERIFYHOST] = 0;
$conf[CURLOPT_SSL_VERIFYPEER] = false;

From the GuzzleHttp documentation

verify

Describes the SSL certificate verification behavior of a request.

  • Set đồ sộ true đồ sộ enable SSL certificate verification and use the mặc định CA bundle > provided by operating system.
  • Set đồ sộ false đồ sộ disable certificate verification (this is insecure!).
  • Set đồ sộ a string đồ sộ provide the path đồ sộ a CA bundle đồ sộ enable verification using a custom certificate.

answered May 10, 2019 at 14:34

I had the same issue. In my case I was using digitalocean and nginx.
I have first setup a tên miền example.phầm mềm and a subdomain dev.exemple.phầm mềm in digitalocean. Second,I purchased two ssl certificat from godaddy. And finaly, I configured two tên miền in nginx đồ sộ use those two ssl certificat with the following snipet

My example.phầm mềm tên miền config 

    server {
    listen 7000 default_server;
    listen [::]:7000 default_server;

     listen 443 ssl default_server;
     listen [::]:443 ssl default_server;

    root /srv/nodejs/echantillonnage1;

    # Add index.php đồ sộ the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name echantillonnage.app;
    ssl_certificate /srv/nodejs/certificatSsl/widcardcertificate/echantillonnage.app.chained.crt;
    ssl_certificate_key /srv/nodejs/certificatSsl/widcardcertificate/echantillonnage.app.key;

    location / {
            # First attempt đồ sộ serve request as tệp tin, then
            # as directory, then fall back đồ sộ displaying a 404.
            proxy_pass http://127.0.0.1:8090;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    #try_files $uri $uri/ =404;
    }
 }

My dev.example.app

   server {
    listen 7000 default_server;
    listen [::]:7000 default_server;

     listen 444 ssl default_server;
     listen [::]:444 ssl default_server;

    root /srv/nodejs/echantillonnage1;

    # Add index.php đồ sộ the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name dev.echantillonnage.app;
    ssl_certificate /srv/nodejs/certificatSsl/dev/dev.echantillonnage.app.chained.crt;
    ssl_certificate_key /srv/nodejs/certificatSsl/dev/dev.echantillonnage.app.key;

    location / {
            # First attempt đồ sộ serve request as tệp tin, then
            # as directory, then fall back đồ sộ displaying a 404.
            proxy_pass http://127.0.0.1:8091;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    #try_files $uri $uri/ =404;
    }
 }

When I was launching https://dev.echantillonnage.phầm mềm , I was getting 

    Fix CURL (51) SSL error: no alternative certificate subject name matches

My mistake was the two lines bellow

    listen 444 ssl default_server;
     listen [::]:444 ssl default_server;

I had đồ sộ change this to:

     listen 443 ssl;
     listen [::]:443 ssl;

answered May 2, 2019 at 4:17

1

As the error code says, "no alternative certificate subject name matches target host name" - sánh there is an issue with the SSL certificate.

The certificate should include SAN, and only SAN will be used. Some browsers ignore the deprecated Common Name.

RFC 2818 clearly states "If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged đồ sộ use the dNSName instead."

answered Mar 26, 2019 at 9:17

I did something similar but for the purpose of testing, I had added the main tên miền name đồ sộ my /etc/hosts tệp tin and kept struggling with it. So make sure you kiểm tra that tệp tin once as well.

starball

48k28 gold badges183 silver badges842 bronze badges

answered May 2, 2023 at 8:47

I used đồ sộ have the error when CN=example.ex but "Alternative Name" section missed example.ex
Just add example.ex đồ sộ "Alternative Name"