SSL: certificate subject name 'locladomain' does not match target host name XX.xx.xx.

phpdev · 03-23-2012, 03:52 PM

Hello,

I am using cURL with php5.3 and try to post form using it to https url.
but when echo the error it says "SSL: certificate subject name 'localhost.localdomain' does not match target host name XX.XX.XX.XXX"

Is there anything to do with SSL certificate?

Any help will be great and appreciated.

Thank you

Ser Olmy · 03-23-2012, 04:03 PM

This is the SSL error you'll get if you access an SSL/TLS protected resource using a name other than the certificate subject name.

You're trying to post from a process running on the same system, but obviously the certificate was not issued to "localhost.localdomain". Post to the correct hostname and the problem should disappear.

Edit: Sorry, it's actually worse: You do have a certificate issued to "localhost.localdomain", and you're trying to access the site using an IP address instead.

Anyway, you need to access the https site with the same name used to issue the SSL certificate. And that name should not be "localhost.localdomain".

phpdev · 03-26-2012, 09:21 AM

thank you for reply.

i am new to ssl
below link help me
http://wiki.centos.org/HowTos/Https

Ser Olmy · 03-26-2012, 04:27 PM

When you post to (or access in any way) a https url, the SSL/TLS process starts with the server giving the client a certificate. The client expects the name in the certificate to be identical to the server name in the URL.

In your case, you've installed a self-signed certificate. When you created a certificate signing request (CSR) with OpenSSL, you didn't specify a host name ('subject' in certificate-speak), so OpenSSL tried to autodetect the hostname. It found "localhost.localdomain", which is unfortunate, since that is a name that is used on all systems to reference the system itself. A proper domain name would have been better, but that's not the reason you're getting an SSL error.

The error message appears because you're accessing the https page using an IP address (https://xx.xx.xx.xx/someurl), not the host name (https://localhost.localdomain/someurl). Since the certificate wasn't (and cannot be) issued to an IP address, SSL negotiation fails.

Try using "localhost.localdomain" instead of the IP address. (And if that works, consider generating a new certificate issued to a proper hostname.)