Go TLS Connection Fails with "x509: certificate relies on legacy Common Name field" Error
When attempting to establish a TLS connection to MongoDB using Go, a "failed to connect: x509: certificate relies on legacy Common Name field" error may arise. This issue originates from certificate validation checks that have been updated to rely on Subject Alternative Names (SANs) rather than the Common Name (CN) field for certificate identity.
Root Cause:
The certificate being used for TLS authentication relies on a legacy Common Name field instead of SANs, which are considered more secure for identifying hosts. Current versions of Go have stricter certificate validation checks that enforce the use of SANs.
Solution:
To resolve this issue, you need to fix the certificate itself by ensuring that it includes SANs. This involves generating a new certificate with the appropriate SAN fields or reissuing the existing certificate so that it includes them.
Fix the Source:
Inspecting the New Certificate:
Confirm that the SAN fields are present in the newly generated certificate by inspecting it using the following command:
openssl x509 -in server.crt -noout -text
Note:
Once you have generated a certificate with SANs, you can use it with your Go code to establish a TLS connection without encountering the "x509: certificate relies on legacy Common Name field" error. It may be necessary to update the certificate files in your Go code and restart the connection process to ensure the new certificate is used.