Score:0

wget cannot find trusted certificate


On my RedHat 8 system, wget fails with the error below:

```
wget -v https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
--2022-12-05 19:40:00--  https://10.81.72.97/repo/packages/installer-5.1-1.x86_64.rpm
Connecting to 10.81.72.97:443... connected.
The certificate's owner does not match hostname ‘10.81.72.97’
```

However, I can see that this certificate exists in ca-bundle. It is a self-signed cert.

```
# openssl crl2pkcs7 -nocrl -certfile /etc/pki/tls/certs/ca-bundle.crt | openssl pkcs7 -print_certs
subject=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97

issuer=C = US, ST = California, L = Mountain View, O = ABC LLC, OU = ABC Solutions, CN = 10.81.72.97
```

Where is wget looking for the cert? And why does it think "The certificate's owner does not match hostname"?

Score:3

The problem is not a missing CA, the problem is the non-matching hostname. Check the Subject Alternative Name fields of the certificate, these are the names the certificate is valid for. Use one of the SAN names instead of the IP address and it will be valid.

Amol avatar
Thanks @Gerald Schneider: how can I look at the Alternative Names field for this certificate? Also, in my question the certificate CN is matching with the IP address in the request, is it not sufficient for CN to match?
No, for a couple of years now it is required that the CN also exists as a SAN. How to check the SANs has been [answered elsewhere](https://stackoverflow.com/questions/13127352/how-to-check-subject-alternative-names-for-a-ssl-tls-certificate).
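
The CN-versus-SAN distinction discussed above can be reproduced offline. This is an added example, not part of the original thread: it builds three throwaway self-signed certificates and checks them with OpenSSL's own matching (`-checkip`, `-checkhost`), which is not necessarily identical to the TLS library wget is linked against. The name `repo.example.internal` is constructed, and `-addext`/`-ext` assume OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: throwaway self-signed certificates, constructed for the demo.
IP=10.81.72.97                 # address from the question
NAME=repo.example.internal     # constructed DNS name (assumption)

# make_cert OUT [SAN]: self-signed cert with CN=$IP and an optional SAN value.
make_cert() {
    out=$1 san=$2
    set -- -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$IP" \
           -keyout "$out.key" -out "$out"
    [ -n "$san" ] && set -- "$@" -addext "subjectAltName=$san"
    openssl req "$@" 2>/dev/null
}

# ip_matches CERT IP: succeeds only if an iPAddress SAN entry equals IP
# (OpenSSL does not fall back to the CN for IP checks).
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# host_matches CERT NAME: succeeds if NAME matches a DNS SAN entry
# (or the CN when the certificate has no DNS SAN at all).
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# report CERT: print the SAN extension (if any) and both check results.
report() {
    echo "== $1"
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null
    if ip_matches "$1" "$IP"; then echo "  $IP: match"; else echo "  $IP: NO match"; fi
    if host_matches "$1" "$NAME"; then echo "  $NAME: match"; else echo "  $NAME: NO match"; fi
}

tmp=$(mktemp -d)
make_cert "$tmp/cn-only.pem" ""              # CN=10.81.72.97, no SAN
make_cert "$tmp/san-dns.pem" "DNS:$NAME"     # SAN lists a name, not the IP
make_cert "$tmp/san-ip.pem"  "IP:$IP"        # SAN lists the IP itself
for f in "$tmp"/cn-only.pem "$tmp"/san-dns.pem "$tmp"/san-ip.pem; do
    report "$f"
done
rm -rf "$tmp"
```

To run the same checks against a live server's certificate, save it with `openssl s_client -connect HOST:443 </dev/null | openssl x509 -out server.pem` and pass `server.pem` to `report`.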