Zhiw
commented
1 year ago Hi, please check the Subject Alternative Name
$ openssl x509 -in cert.pem -noout -ext subjectAltName
X509v3 Subject Alternative Name:
IP Address:127.0.0.1the name must match the IP or DNS of your address
i use the MqttTwoWayTlsSample.java and emqx owner ca in directory : etc/certs , but the following error occurred。 when i use the mqtt.fx tool ,is ok the emqx version is 5.0.26。 Caused by: java.security.cert.CertificateException: No subject alternative names present at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:150) at sun.security.util.HostnameChecker.match(HostnameChecker.java:99) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:441) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:409) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:228) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:636)