当前位置:   article > 正文

nginx常见报错_unable to communicate securely with peer: requeste

unable to communicate securely with peer: requested domain name does not mat

1 (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

请求的域名与服务器的证书不匹配
域名校验不同,可关闭

1.1 curl

忽略方式
一种是添加临时域名解析缓存的方式,保证对外域名可以直接解析到内网IP–resolve subdomain.example.com:443:10.0.0.100;
另外一种是直接关闭域名校验–insecure

# 手工指定域名DNS解析结果,比如把subdomain.example.com:443解析到10.0.0.100:443
curl -v --resolve subdomain.example.com:443:10.0.0.100 https://subdomain.example.com/

# 禁止domain校验
curl -v --insecure https://subdomain.example.com/
  • 1
  • 2
  • 3
  • 4
  • 5

1.2 wget

增加参数–no-check-certificate

wget 'https://subdomain.example.com/goods.json' --no-check-certificate
  • 1

1.3 OkHttp

错误内容
javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.0.0.100 not verified
忽略方式:自定义HostnameVerifier

OkHttpClient client = new OkHttpClient.Builder()
.readTimeout(READ_TIMEOUT, TimeUnit.SECONDS)
.writeTimeout(WRITE_TIMEOUT, TimeUnit.SECONDS)
.connectTimeout(CONNECT_TIMEOUT, TimeUnit.SECONDS)
//设置自定义的hostname校验类,默认返回true
.hostnameVerifier((hostname, session) -> true)
.build();

2 nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead…

注掉了“ssl on;”这行!这是错误的根源。并且我在多次试验中都重复了这个操作,直到深夜的一次试验中决定保留那个警告看看,结果就神奇的成功了。

但是在nginx 1.15以上的版本中会有警告:nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /usr/local/nginx/conf/servers/www.xxxx.com:
nginx1.15后不支持ssl on配置

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小丑西瓜9/article/detail/662171
推荐阅读
相关标签
  

闽ICP备14008679号