Thanks James for your suggestion. So according to you, I must use the
domain name and not the IP address anymore in my request. Thanks again.
On Friday, November 10, 2017 at 11:09:59 PM UTC+5:30, James Schneider wrote:
>
>
>
> On Nov 10, 2017 3:45 AM, "Rahul Paul" <rahulp...@gmail.com <javascript:>>
> wrote:
>
> Hi,
>
> I am using requests package to send a post request to an API within my
> application.
>
> I am using the request as :
>
> *requests.post("https://xx.xxx.xxx.xxx/my-admin/api/api2
> <https://xx.xxx.xxx.xxx/my-admin/api/api2>", data=data)*
>
> where "xx.xxx.xxx.xxx" is the IP of my server on which this API is hosted.
>
> When I am trying to call this API from my application, django is raising
> an exception as follows:
>
> *SSLError: hostname 'xx.xxx.xxx.xxx' doesn't match 'xxx.com
> <http://xxx.com>'*
>
> But when I put the domain name in the request i.e. "xxx.com", it gives me
> proper result. Also when I put verify=False along with the request, my
> application gives me proper result even with IP addess in the request.
> However the very same API is returning proper result with both --- IP
> address and domain name.
>
>
> This is how SSL/TLS works. The certificate is based on the domain name in
> the CN or SAN fields. It will never work with just an IP address and a
> valid publicity signed certificate. If your CA is signing certificates with
> IP's instead of or in addition to names, I would start a campaign to have
> them shut down.
>
>
> My server has a CA signed certificate but the DNS have forward entry but
> doesnot have a PTR entry. I have also verified with digicert.com and
> found that when I am entering the domain name, it is giving proper IP
> address but when I am giving IP address, it is not able to resolve the
> domain name.
>
> This API was functioning working correctly with IP address when we had
> self signed certificate.
>
>
> No, it didn't. That would indicate that you imported the self-signed CA
> certificate into your trusted CA store. It would also mean that the
> certificate was generated using the IP as the value of the CN or SAN. No
> SSL library does that without a lot of coaxing, if it's even possible
> anymore.
>
>
>
> Also I am using nginx-gunicorn to run my application.
>
> Please help me with understanding why this is happening and what are the
> best possible solutions for this problem.
>
>
> There is no problem to solve, you are just experiencing the joys of SSL,
> and there are many. ;-)
>
> Just make it a point to use the name.
>
> -James
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/47237f58-6ee1-4e8d-a4eb-5fdece004995%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
