无法验证ssl证书

时间:2017-06-28 19:11:08

标签: ssl wget

我无法验证我的某个客户的网站管理员帐户。

谷歌说“验证失败 - 与服务器的连接超时”。

当我尝试wget URL时,我发现下面的错误。有人可以帮我解决这个问题吗?

[pdurgapal]$ wget https://atlanticdiscountstore.com
--2017-06-28 11:48:48--  https://atlanticdiscountstore.com
Resolving atlanticdiscountstore.com... 188.241.58.18
Connecting to atlanticdiscountstore.com|188.241.58.18|:443... connected.
ERROR: cannot verify atlanticdiscountstore.com’s certificate, issued by “/CN=baldwincountyunited.com”:
  Self-signed certificate encountered.
ERROR: certificate common name “baldwincountyunited.com” doesn’t match requested host name “atlanticdiscountstore.com”.
To connect to atlanticdiscountstore.com insecurely, use ‘--no-check-certificate’.
[pdurgapal]$

1 个答案:

答案 0 :(得分:1)

您必须使用非常旧版本的wget,它不支持SNI。当使用支持SNI的适当客户端时,可以验证证书。除此之外,在成功完成TLS握手后,服务器响应速度很慢,但这不是您询问的问题。

要证明在没有SNI的情况下访问网站的问题:

$ openssl s_client -connect atlanticdiscountstore.com:443  |\
  openssl x509 -text
...
Subject: CN=baldwincountyunited.com
...
X509v3 Subject Alternative Name: 
  DNS:baldwincountyunited.com, DNS:mail.baldwincountyunited.com, DNS:www.baldwincountyunited.com

和SNI:

$ openssl s_client -connect atlanticdiscountstore.com:443 \
  -servername atlanticdiscountstore.com |\
  openssl x509 -text
  ...
  Subject: ... CN=*.atlanticdiscountstore.com
  ...
  X509v3 Subject Alternative Name: 
     DNS:*.atlanticdiscountstore.com, DNS:atlanticdiscountstore.com
相关问题
最新问题