Curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate

Support
1

Problem: when I use curl cmd register a new host,but it raises error
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
further,I already use --insecure option ,still raise this error
how to do ,thank you
by the way,when you install foreman ,how to set ur local FQDN?

**Expected outcome:**curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

2

based on docs,if use --insecure,host will auto download all ca file from server,yes?
but,it raise error
[root@opsmanages anchors]# curl -v -sS --insecure ‘https://192.168.204.82/register?location_id=2&organization_id=1&update_packages=false’ -H ‘Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE3MDYwNzc0OTUsImp0aSI6IjM1YTVhYzk3MjA4MmJhZGQ5OGU2MDVmNDZkYjE3NzkwYmM0YTQ0ZWY1Nzc0MzNjODRkZjY1ZTJlNjdmNDIyZTkiLCJleHAiOjE3MDYwOTE4OTUsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.gfg2wyPg_c9NBtnoZ_I2EmhzlfqXhK_2XhBgDUAXtY8’ | bash

  • About to connect() to 192.168.204.82 port 443 (#0)
  • Trying 192.168.204.82…
  • Connected to 192.168.204.82 (192.168.204.82) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • skipping SSL peer certificate verification
  • NSS: client certificate not found (nickname not specified)
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Server certificate:
  • subject: CN=man2mon.pcl.ac.cn
  • start date: Jan 21 07:39:18 2024 GMT
  • expire date: Jan 18 07:39:20 2039 GMT
  • common name: man2mon.pcl.ac.cn
  • issuer: CN=Puppet CA: man2mon.pcl.ac.cn

GET /register?location_id=2&organization_id=1&update_packages=false HTTP/1.1
User-Agent: curl/7.29.0
Host: 192.168.204.82
Accept: /
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE3MDYwNzc0OTUsImp0aSI6IjM1YTVhYzk3MjA4MmJhZGQ5OGU2MDVmNDZkYjE3NzkwYmM0YTQ0ZWY1Nzc0MzNjODRkZjY1ZTJlNjdmNDIyZTkiLCJleHAiOjE3MDYwOTE4OTUsInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.gfg2wyPg_c9NBtnoZ_I2EmhzlfqXhK_2XhBgDUAXtY8

< HTTP/1.1 200 OK
< Date: Wed, 24 Jan 2024 06:43:31 GMT
< Server: Apache
< Foreman_version: 3.9.1
< Foreman_api_version: 2
< Foreman_current_organization: 1; Default Organization
< Foreman_current_location: 2; Default Location
< Content-Type: text/plain; charset=utf-8
< ETag: W/“08bb44dbfb2473b8a08fff9ba0064d26”
< Cache-Control: max-age=0, private, must-revalidate
< X-Request-Id: dce40258-fd3a-495b-8f60-e7cb42a2e364
< X-Runtime: 0.113766
< Strict-Transport-Security: max-age=631139040; includeSubdomains
< X-Frame-Options: sameorigin
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Content-Security-Policy: default-src ‘self’; child-src ‘self’; connect-src ‘self’ ws: wss:; img-src ‘self’ data:; script-src ‘unsafe-eval’ ‘unsafe-inline’ ‘self’; style-src ‘unsafe-inline’ ‘self’
< Content-Length: 6718
< Set-Cookie: _session_id=5247b778c06a427b56b461bfcde29ea7; path=/; secure; HttpOnly; SameSite=Lax
< Via: 1.1 man2mon.pcl.ac.cn
<
{ [data not shown]

  • Connection #0 to host 192.168.204.82 left intact

Running registration

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

later,I mannualy cp 2 ca files to host,still reprot error

3

image
image1287×108 13.1 KB

here path is it right?

4

I’m not sure which versions you are using, but try to see if you can find any useful information in our docs - Managing Hosts.