2

每次运行以下命令时,我都会收到以下提示cm status

cs:630@rep:MyServer@repserver:ssl://<obfuscated>:8088

WARNING: the secure connection hostname provided in the server 
certificate doesn't match the server's hostname. This means that the 
certificate was not issued to this hostname or that there is a network 
configuration problem with this host.

- Certificate hostname: CN=ip-<obfuscated>
- Server hostname: CN=<obfuscated>

If you want to continue connecting to this host, choose 'Yes'. The certificate 
  validation will continue (not recommended).
If you want to abandon the connection, choose 'No' (recommended).

Choose an option (Y)es, (N)o (hitting Enter selects 'No'): Yes

The server you are connecting to has sent a certificate that is not in the 
store. This is normal if it is the first time that you connect to this server.

Certificate details: 
- Issued to: CN=ip-<obfuscated>
- Issued by: CN=ip-<obfuscated>
- Expiration date: 6/30/2023 6:15:40 AM
- Certificate hash: <obfuscated>

If you trust this host, choose 'Yes' to add the key to Plastic SCM's key store 
  (recommended if it is the first time you connect to this server).
If you want to carry on connecting just once, without adding the key to the 
  store, choose 'No'.

If you do not trust this host, choose 'Cancel' to abandon the connection.

Choose an option (Y)es, (N)o, (C)ancel (hitting Enter cancels): Yes

如您所见,它询问了两次,我每次都说两次。GUI 也一样。似乎没有记住信任关系。不确定要检查什么。

可能的解决方案 #1:提供与服务器主机名匹配的服务器证书。

4

1 回答 1

2

当您使用带有服务器短名称 (' myserver') 的 url 时,会发生这种情况,
而证书已为 fqn 颁发(完全限定名称,如 ' myserver.fr.com')。

或相反亦然。

这就是为什么,当我创建(自签名)证书时,我总是提到完整的subjectAltName,带有短名称和 FQN,就像在这个openssl 配置文件中一样:

[ v3_ca ]
subjectAltName = DNS:@FQN@, DNS:@HOSTNAME@

这样,您的证书可以匹配多个主机名。

于 2013-10-10T08:14:29.067 回答