I am getting this error in my device:
javax.net.ssl.SSLException: hostname in certificate didn't match: <ec2-5-43-58-857.us-east-2.compute.amazonaws.com> != <na>
So I did some research and found I could set alternative IP address in an OpenSSL config and then generate new keys/certs.
This is my config
[ubuntu@ip-172-31-25-95 ~] 2020-10-09 14:19:07$ cat san.cfg [req] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_req prompt = no [req_distinguished_name] countryName = XX stateOrProvinceName = N/A localityName = N/A organizationName = Self-signed certificate commonName = 188.8.131.52: Self-signed certificate [req_ext] subjectAltName = @alt_names [v3_req] subjectAltName = @alt_names [alt_names] IP.1 = ec2-5-43-58-857.us-east-2.compute.amazonaws.com
But when I run:
sudo openssl req -x509 -days 36500 -newkey rsa:2048 -keyout ./key_elastic.pem -out ./cert_elastic.pem -config ./san.cfg
I get this error:
140515677422016:error:220A4076:X509 V3 routines:a2i_GENERAL_NAME:bad ip address:../crypto/x509v3/v3_alt.c:457:value=ec2-5-43-58-857.us-east-2.compute.amazonaws.com 140515677422016:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=@alt_names
Mind you, everything was working fine until I switched to an elastic IP address for server. I made new keys they same way I did before. But then I got the first device error I mentions at the top of the post.