chenyu wrote:
Hi,
I try to run the NSS security tool (ssl test tools) (bin/selfserv.exe,
bin/client.exe). Because the X.509 is not fully understood, I don't know
where the problem is.
My operation steps are as follows:
1. create DB.
2. create one self-signed certificate for CA.
3. create a certifcate request, and sign a certifcate with the CA.
4. run "selfserv"(ssl server) with the first certificate.
5. run "client" (ssl client) with the second certificate.
The console gives me the following error information:
Launched thread in slot 0
Error in function PR_Write: -12276
- Unable to communicate securely with peer: requested domain name does not
match the server's certificate.
Error in function handle_connection: -12276
- Unable to communicate securely with peer: requested domain name does not
match the server's certificate.
Thread in slot 0 returned -1
I don't know the meaning of "domain name" here, could you give me any clue
for me to continue my reading.
The "domain name" is the DNS hostname of the server.
The server's certificate should contain the DNS hostname
of the server, preferalbly in the subjectAltName certificate
extension. NSS checks the DNS hostname in the server's
certificate against the DNS hostname you requested.
Wan-Teh
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
