Curl Fix CURL 51 SSL error no alternative certificate subject name matches

Question

I am new to CURL world  coming from Windows    NET domain   Trying to access Rest API for basic authentication at http   www evercam io docs api v1 authentication   curl -X GET https   api evercam io v1       -u  username    Don t know how to use this command on windows command prompt after having CURL setup successfully  Tested CURL as follows   C   gt curl --version curl 7 33 0  x86 64-pc-win32  libcurl 7 33 0 OpenSSL 0 9 8y zlib 1 2 8 libssh2 1 4 3 Protocols  dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp s ftp smtp smtps telnet tftp Features  AsynchDNS GSS-Negotiate Largefile NTLM SSL SSPI libz   Now i am ending with this  C   gt curl -u myuser mypassword -X GET https   api evercam io v1  curl   51  SSL  no alternative certificate subject name matches target host name  api evercam io    How can I fix this SSL issue 51 error

User · Accepted Answer

It usually happens when the certificate does not match with the host name.

The solution would be to contact the host and ask it to fix its certificate.
Otherwise you can turn off cURL's verification of the certificate, use the -k (or --insecure) option.
Please note that as the option said, it is insecure. You shouldn't use this option because it allows man-in-the-middle attacks and defeats the purpose of HTTPS.

More can be found in here: http://curl.haxx.se/docs/sslcerts.html

User · Answer

it might save some time to somebody   If you use GuzzleHttp and you face with this error message cURL error 60  SSL  no alternative certificate subject name matches target host name and you are fine with the  insecure  solution  not recommended on production  then you have to add  GuzzleHttp RequestOptions  VERIFY   gt  false to the client configuration    this- gt client   new  GuzzleHttp Client        base uri                             gt   someAccessPoint        GuzzleHttp RequestOptions  HEADERS   gt             User-Agent    gt   some-special-agent               defaults                             gt             GuzzleHttp RequestOptions  CONNECT TIMEOUT   gt  5           GuzzleHttp RequestOptions  ALLOW REDIRECTS   gt  true              GuzzleHttp RequestOptions  VERIFY    gt  false        which sets CURLOPT SSL VERIFYHOST to 0 and CURLOPT SSL VERIFYPEER to false in the CurlFactory  applyHandlerOptions   method   conf CURLOPT SSL VERIFYHOST    0   conf CURLOPT SSL VERIFYPEER    false    From the GuzzleHttp documentation     verify      Describes the SSL certificate verification behavior of a request          Set to true to enable SSL certificate verification and use the default CA bundle   provided by operating system    Set to false to disable certificate verification  this is insecure      Set to a string to provide the path to a CA bundle to enable verification using a custom certificate

User · Answer

I had the same issue  In my case I was using digitalocean and nginx   I have first setup a domain example app and a subdomain dev exemple app in digitalocean  Second I purchased two ssl certificat from godaddy  And finaly  I configured two domain in nginx to use those two ssl certificat with the following snipet  My example app domain config        server       listen 7000 default server      listen      7000 default server        listen 443 ssl default server       listen      443 ssl default server       root  srv nodejs echantillonnage1         Add index php to the list if you are using PHP     index index html index htm index nginx-debian html       server name echantillonnage app      ssl certificate  srv nodejs certificatSsl widcardcertificate echantillonnage app chained crt      ssl certificate key  srv nodejs certificatSsl widcardcertificate echantillonnage app key       location                   First attempt to serve request as file  then               as directory  then fall back to displaying a 404              proxy pass http   127 0 0 1 8090              proxy http version 1 1              proxy set header Upgrade  http upgrade              proxy set header Connection  upgrade               proxy set header Host  host              proxy cache bypass  http upgrade       try files  uri  uri   404             My dev example app     server       listen 7000 default server      listen      7000 default server        listen 444 ssl default server       listen      444 ssl default server       root  srv nodejs echantillonnage1         Add index php to the list if you are using PHP     index index html index htm index nginx-debian html       server name dev echantillonnage app      ssl certificate  srv nodejs certificatSsl dev dev echantillonnage app chained crt      ssl certificate key  srv nodejs certificatSsl dev dev echantillonnage app key       location                   First attempt to serve request as file  then               as directory  then fall back to displaying a 404              proxy pass http   127 0 0 1 8091              proxy http version 1 1              proxy set header Upgrade  http upgrade              proxy set header Connection  upgrade               proxy set header Host  host              proxy cache bypass  http upgrade       try files  uri  uri   404             When I was launching https   dev echantillonnage app   I was getting       Fix CURL  51  SSL error  no alternative certificate subject name matches   My mistake was the two lines bellow      listen 444 ssl default server       listen      444 ssl default server    I had to change this to        listen 443 ssl       listen      443 ssl

User · Answer

As the error code says   no alternative certificate subject name matches target host name  - so there is an issue with the SSL certificate    The certificate should include SAN  and only SAN will be used  Some browsers ignore the deprecated Common Name   RFC 2818 clearly states     If a subjectAltName extension of type dNSName is present  that MUST    be used as the identity  Otherwise  the  most specific  Common Name    field in the Subject field of the certificate MUST be used  Although    the use of the Common Name is existing practice  it is deprecated and    Certification Authorities are encouraged to use the dNSName instead

User · Answer

The common name in the certicate for api evercam io is for   herokuapp com and there are no alternative subject names in the certificate  This means  that the certificate for api evercam io does not match the hostname and therefore the certificate verification fails  Same as true for www evercam io  e g  try https   www evercam io with a browser and you get the error message  that the name in the certificate does not match the hostname    So it is a problem which needs to be fixed by evercam io  If you don t care about security  man-in-the-middle attacks etc you might disable verification of the certificate  curl --insecure   but then you should ask yourself why you use https instead of http at all

User · Answer

Editor s note  this is a very dangerous approach  if you are using a version of PHP old enough to use it  It opens your code to man-in-the-middle attacks and removes one of the primary purposes of an encrypted connection  The ability to do this has been removed from modern versions of PHP because it is so dangerous  The only reason this has been upvoted 70 time is because people are lazy  DO NOT DO THIS     I know it s a  very  old question and it s about command line  but when I searched Google for  SSL  no alternative certificate subject name matches target host name   this was the first hit   It took me a good while to figure out the answer so hope this saves someone a lot of time   In PHP add this to your cUrl setopts   curl setopt  curl  CURLOPT SSL VERIFYHOST  FALSE   curl setopt  curl  CURLOPT SSL VERIFYPEER  FALSE     p s  this should be a temporary solution  Since this is a certificate error  best thing is to have the certificate fixed ofcourse

[ssl] Curl: Fix CURL (51) SSL error: no alternative certificate subject name matches

Examples related to ssl

Examples related to curl

Examples related to https