Self-signed certificate for Http requests doesn't work

Good day everyone.
We are stuck at what is probably a very banal point.

We have a server with a self-signed certificate. We are making requests to this server via FHttpModule.

Via the browser and via command-line curl I can do it, but not with requests from my code, where we get this error:

LogInit: Using libcurl 7.83.1
LogInit: CURL_VERSION_SSL
LogInit: CURL_VERSION_LIBZ
LogInit: CURL_VERSION_IPV6
LogInit: CURL_VERSION_ASYNCHDNS
LogInit: CURL_VERSION_LARGEFILE
LogInit: CurlRequestOptions (configurable via config and command line):
LogInit: - bVerifyPeer = false - Libcurl will NOT verify peer certificate
LogInit: - bUseHttpProxy = false - Libcurl will NOT use HTTP proxy
LogInit: - bDontReuseConnections = false - Libcurl will reuse connections
LogInit: - MaxHostConnections = 16 - Libcurl will limit the number of connections to a host

libcurl error: 60 (SSL peer certificate or SSH remote key was not OK)

libcurl info message cache 14 (Server certificate:)
libcurl info message cache 15 ( subject: C=CA; ST=None; L=NB; O=None; CN=MY_IP)
libcurl info message cache 16 ( start date: Apr 1 20:49:38 2024 GMT)
libcurl info message cache 17 ( expire date: Apr 1 20:49:38 2027 GMT)
libcurl info message cache 18 ( subjectAltName does not match MY_IP)
libcurl info message cache 19 (SSL: no alternative certificate subject name matches target host name ‘MY_IP’)
libcurl info message cache 20 (Closing connection 1)


We generate the certificate as:
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext


v3.ext:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = %%DOMAIN%%
DNS.2 = *.%%DOMAIN%%

So in the browser I see:
Certificate Subject Alternative Name:
Not Critical
DNS Name: MY_IP
DNS Name: *.MY_IP
IP Address: MY_IP


The questions are “What is wrong with subjectAltName?” and “Is it okay for Unreal to use self-signed certificates?”

We also put our certificate into Engine\Content\Certificates\ThirdParty\cacert.pem. Is it the only place we could put it?

The problem was in putting IP_ADDRESS inside DNS here:
[alt_names]
DNS.1 = %%DOMAIN%%
DNS.2 = *.%%DOMAIN%%

But it has to be:
[alt_names]
IP = %%MY_IP%%

Doc explains acceptable format:
https://www.openssl.org/docs/manmaster/man5/x509v3_config.html

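
Why the DNS entries never matched, as an added example that is not part of the original posts and not Unreal or libcurl code: a simplified Python model of the rule that a TLS client connecting to an IP literal compares it only against IP-type subjectAltName entries, never DNS-type ones. The address 192.0.2.10 (a documentation address standing in for MY_IP) and all function names are constructed for illustration.

```python
import ipaddress

def parse_alt_names(ext_text):
    """Return [(kind, value)] from the [alt_names] section of an OpenSSL extfile."""
    entries, in_section = [], False
    for raw in ext_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_section = line.strip("[] ").lower() == "alt_names"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((key.split(".", 1)[0].upper(), value))  # "DNS.1" -> "DNS"
    return entries

def as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def dns_match(pattern, host):
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    # In this model a wildcard is honoured only as the entire leftmost label.
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def host_matches(target, entries):
    """Simplified client-side check: IP targets are compared with IP entries only."""
    target_ip = as_ip(target)
    if target_ip is not None:
        return any(kind == "IP" and as_ip(v) == target_ip for kind, v in entries)
    return any(kind == "DNS" and dns_match(v, target) for kind, v in entries)

# Constructed sample extfile sections mirroring the two variants in the thread.
BROKEN = """[alt_names]
DNS.1 = 192.0.2.10
DNS.2 = *.192.0.2.10
"""
FIXED = """[alt_names]
IP = 192.0.2.10
"""

if __name__ == "__main__":
    for name, ext in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, host_matches("192.0.2.10", parse_alt_names(ext)))
```
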