Ssl – Self-Signed Certificate With Public and Private IP (Tomcat 7)

ssl, ssl-certificate, tomcat

I am configuring a server that has both a public and private IP. It doesn't have any associated domain names.

Using a self-signed certificate to access the URL below works properly:

    https://<PUBLIC IP>:8443

However, when I try to access that server using its private IP:

    wget https://<PRIVATE IP>:8443

I get the following error:

    ERROR: cannot verify 's certificate, issued by '/C=?/ST=?/L=?/O=?/OU=?/CN=Unknown':
    Self-signed certificate encountered.
    ERROR: certificate common name 'Unknown' doesn't match requested host name ''.
    To connect to insecurely, use `--no-check-certificate'.

Is there a way to specify in the configuration that both public and private IPs should be accepted?

I also tried including multiple connectors in server.xml containing the address attribute but it doesn't work.

Best Answer

I think you've got two fundamental problems here. Firstly, while Windows (as far as I know) implements a central certificate storage-and-validation mechanism, which applications generally call to (e.g.) validate an SSL certificate, UNIX apps all roll their own. So just because one browser works, it doesn't mean another browser, or wget, will - and what a PHP script will do is a complete mystery, and entirely dependent on the library in question.

Secondly, you've decided to go with an SSL certificate that embeds an IP address instead of a hostname, and we've had problems doing that before, around these parts.

My own feeling is it's not a good use of qualified time to continue trying to make this strategy work. Instead, register a domain name - they cost next to nothing, and are usually easier to type than IP addresses - and set up split-horizon DNS so that internal clients get the internal address, and external clients get the external one. That removes both of your problems in one swoop.
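As an added illustration (not part of the question or the answer above), the following Python models the host-matching step a client such as wget performs before it reports "common name ... doesn't match requested host name": an IP literal is only satisfied by an iPAddress entry in the Subject Alternative Name, and the CN is consulted only when no SAN is present. The dict representation of certificates and the sample addresses are assumptions made for the illustration; it shows that the keytool-default `CN=Unknown` certificate covers neither address, while a certificate carrying both IPs as SAN entries, or a real domain name as the answer recommends, does.

```python
# Added example, not from the question or answer above: a minimal model of the
# host-matching step an SSL client such as wget performs (RFC 6125 / RFC 2818
# rules). Certificates are plain dicts, an assumption made for the illustration;
# real code reads these fields from the parsed X.509 certificate.
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Match a dNSName SAN or CN against a hostname (one leading '*.' wildcard)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # A wildcard covers exactly one label, never the bare registered domain.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def requested_host_matches(cert: dict, requested: str) -> bool:
    """Return True if `requested` (hostname or IP literal) is covered by `cert`."""
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    san = cert.get("san", [])
    if ip is not None:
        # An IP literal must appear as an iPAddress SAN; dNSName or CN never counts.
        return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # When any dNSName SAN is present the CN is ignored entirely.
        return any(_dns_match(n, requested) for n in dns_names)
    cn = cert.get("cn")
    return bool(cn) and _dns_match(cn, requested)

# Constructed sample data mirroring the question: the keytool default certificate
# (CN=Unknown, no SAN) versus one issued for both addresses or for a domain name.
PUBLIC_IP, PRIVATE_IP = "203.0.113.10", "10.0.0.5"   # constructed, not real hosts
DEFAULT_CERT = {"cn": "Unknown", "san": []}
BOTH_IPS_CERT = {"cn": "Unknown", "san": [("IP", PUBLIC_IP), ("IP", PRIVATE_IP)]}
DOMAIN_CERT = {"cn": "app.example.com", "san": [("DNS", "app.example.com")]}

def outcomes() -> dict:
    """Summarise which certificate satisfies which requested host."""
    return {
        "default_public": requested_host_matches(DEFAULT_CERT, PUBLIC_IP),
        "default_private": requested_host_matches(DEFAULT_CERT, PRIVATE_IP),
        "both_ips_public": requested_host_matches(BOTH_IPS_CERT, PUBLIC_IP),
        "both_ips_private": requested_host_matches(BOTH_IPS_CERT, PRIVATE_IP),
        "domain_split_horizon": requested_host_matches(DOMAIN_CERT, "app.example.com"),
    }

if __name__ == "__main__":
    for case, ok in outcomes().items():
        print(f"{case}: {'match' if ok else 'MISMATCH'}")
```

With split-horizon DNS both internal and external clients request the same name, so the single `DOMAIN_CERT` entry covers every path regardless of which address the name resolves to.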
