SSL StreamSocket and CertificateCommonNameIsIncorrect error

    Question

  • Hi,

    I'm trying to connect to a C++ SSL server (Unix server using openssl). I've set up the root certificate in the Root store using the package manifest declarations. I've also tried adding the server certificate to the "TrustedPeople" store. However, I was unable to establish the connection: it always fails with the CertificateCommonNameIsIncorrect SocketErrorStatus... the description of this error from the documentation is:

    ----

    CertificateCommonNameIsIncorrect:


    The certificate is not valid for the requested usage. This error is also returned if the certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded.

    ----

    It isn't clear to me what CN the stream socket implementation is expecting... I also didn't find where to set up the permitted or exclusion list specified in the description of this message. Any ideas what this error refers to?

    Thanks.

    Cheers, Benoit.

    Monday, July 2, 2012 5:38 PM

Answers

All replies

  • The relevant data would be the host name of the server and the common name in the server certificate.  Are they the same?
    Monday, July 2, 2012 7:03 PM
  • Hi

    Thanks, no they weren't the same. I was expecting the host name to be checked against the subject DNS alternative name... looks like the stream socket implementation checks both the CN and the DNS against the hostname. It works now that I fixed the CN to be equal to the host name.

    Benoit.

    • Proposed as answer by Andrew7Webb Thursday, July 5, 2012 1:06 PM
    Tuesday, July 3, 2012 9:10 AM
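
A small offline check for the mismatch discussed in this thread, added here as an example and not taken from the thread or from the StreamSocket implementation: it reports separately whether the host name matches the certificate's CN and its DNS subject alternative names. The certificate dicts use the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the host names, the function names and the wildcard rule (left-most label only) are assumptions of the example.

```python
# Added diagnostic example; names and sample certificates are constructed.

def label_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with a host name, case-insensitively.
    '*' is honoured only as the whole left-most label (assumed rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two labels after the wildcard, e.g. *.example.test
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def names_in_cert(cert: dict):
    """Return (common_names, san_dns_names) from a getpeercert()-style dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans


def diagnose(cert: dict, host: str) -> dict:
    """Show which certificate name fields, if any, cover the requested host."""
    cns, sans = names_in_cert(cert)
    return {
        "host": host,
        "cn_match": any(label_match(n, host) for n in cns),
        "san_match": any(label_match(n, host) for n in sans),
        "common_names": cns,
        "san_dns_names": sans,
    }


# Constructed sample: host name present only in the DNS subjectAltName.
CERT_BEFORE = {
    "subject": ((("commonName", "backend-01"),),),
    "subjectAltName": (("DNS", "ssl.example.test"),),
}
# Constructed sample: CN reissued to equal the host name.
CERT_AFTER = {
    "subject": ((("commonName", "ssl.example.test"),),),
    "subjectAltName": (("DNS", "ssl.example.test"),),
}

if __name__ == "__main__":
    for label, cert in (("before", CERT_BEFORE), ("after", CERT_AFTER)):
        print(label, diagnose(cert, "ssl.example.test"))
```

A client that requires the CN to match would reject the first certificate and accept the second, even though the subjectAltName is identical in both.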