2

Good day!

I have difficulties with requests in Go. Locally service works fine, but in the server I have this error:

"Post "https://x.x.x.x:xxxx/": x509: cannot validate certificate for x.x.x.x because it doesn't contain any IP SANs

Solutions like using dns is not suite, only ip address with port, since it is an internal service. Also, tried out:

    TLSConfig: &tls.Config{
        InsecureSkipVerify: true
    }

Updated! Tried out with NodeJS, works fine, so I think problem with Go's tls configs

Please, hint me how can eliminate this error?

Dazai
  • 49
  • 1
  • 8
  • 1
    If you cannot update the certificate to contain an IP address SAN set [ServerName](https://pkg.go.dev/crypto/tls#Config.ServerName) in the tls.Config to the expected domain name. – Peter Feb 28 '22 at 10:19
  • there isn't any dns names, just ip, can I fill this field with ip address – Dazai Feb 28 '22 at 11:15
  • It's unlikely that the certificate contains no DNS SANs at all. You can check that with `openssl s_client -connect $ip:$port -showcerts /dev/null | openssl x509 -noout -text`. If there really are no DNS SANs, set ServerName to the Subject's CN. Setting ServerName to an IP is futile because, as the error says, the certificate doesn't contain any IP SANs. – Peter Feb 28 '22 at 11:21
  • Does this answer your question? [How to do a https request with bad certificate?](https://stackoverflow.com/questions/12122159/how-to-do-a-https-request-with-bad-certificate) – rustyx Feb 28 '22 at 13:51
  • @rustyx sorry tried out, but still error is occured – Dazai Mar 01 '22 at 04:28
  • In that case we need to see a complete minimal program, because InsecureSkipVerify flag should work. – rustyx Mar 01 '22 at 14:25
  • It was not working locally either, because in our org using *.pca, for getting proxy. So when I set GOPROXY, I an getting error even for the below command... When I given basic command to install:- go install -v golang.org/x/tools/gopls@latest Error:- go: golang.org/x/tools/gopls@latest: module golang.org/x/tools/gopls: Get "https:///golang.org/x/tools/gopls/@v/list": x509: cannot validate certificate for because it doesn't contain any IP SANs – Jerry James May 30 '22 at 06:37
  • I experienced this when connecting to AstrabDB using their secure connect bundle. NodeJS works but Go doesn't. I tried `InsecureSkipVerify: true` and it works! Maybe this will help! – anlogg Sep 14 '22 at 13:18

0 Answers0