3

I am trying to set up an HTTPS server for local development. I am using a Windows 10 machine. I have generated a self-signed certificate using openssl. I used the following commands.

```
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem
```

This is demo Server code (NodeJS) which outputs "hello world".

```javascript
const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.end("hello world\n");
}).listen(8000);
```

I have accessed the URL from the command prompt using the curl command:

```
curl https://localhost:8000
```

I am getting the following error:

```
curl: (35) schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect.
```

I have added the self-signed certificate to the "Trusted Root Certification Authorities" store using the Microsoft Management Console (mmc). This is my certificate image.

I don't understand where I am going wrong. Please help me solve this issue.

Mukesh Kumar
  • (1) this is not a programming or development question or problem -- although I don't find a dupe on SU or SF as I would expect (2) the CommonName = CN in the cert (or the SubjectAlternativeName = SAN if used, which your simple OpenSSL doesn't) must match the name(s) used in the URL to access the server, i.e. if you use `https://localhost:port` the CN must be `localhost` (note without port) – dave_thompson_085 May 21 '20 at 19:54

2 Answers

9

You can also use the -k switch with CURL to ignore SSL cert errors. Obviously, this is not recommended for an environment where you want to make sure the cert is good.

Jason Slocomb
1

The Common Name (CN) in your certificate is "myown digital certificate" while it should be "localhost". Recreate the CSR and explicitly set the CN like so:

```
openssl req -new -key key.pem -subj "/CN=localhost" -out csr.pem
```

Christian Vorhemus