Home > Backend Development > Golang > Why Does My Go TLS Connection Fail with \'x509: certificate relies on legacy Common Name field\'?

Why Does My Go TLS Connection Fail with \'x509: certificate relies on legacy Common Name field\'?

Barbara Streisand
Release: 2024-10-28 02:22:31
Original
981 people have browsed it

Why Does My Go TLS Connection Fail with

Go TLS Connection Fails with "x509: certificate relies on legacy Common Name field" Error

When attempting to establish a TLS connection to MongoDB using Go, a "failed to connect: x509: certificate relies on legacy Common Name field" error may arise. This issue originates from certificate validation checks that have been updated to prioritize Subject Alternative Names (SANs) over Common Name (CN) fields for certificate identity.

Root Cause:

The certificate being used for TLS authentication relies on a legacy Common Name field instead of SANs, which are considered more secure for identifying hosts. Current versions of Go have stricter certificate validation checks that enforce the use of SANs.

Solution:

To resolve this issue, you need to rectify the certificate itself by ensuring that it includes SANs. This involves generating a new certificate with the appropriate SAN fields or reconfiguring the existing certificate to include them.

Fix the Source:

  1. Create a CSR (Certificate Signing Request): Use a tool like OpenSSL to create a CSR that includes SAN fields for the desired hostnames.
  2. Sign the CSR with a Root CA: Use the root certificate authority (CA) that issued the original certificate to sign the CSR, creating a new certificate with the included SANs.

Inspecting the New Certificate:

Confirm that the SAN fields are present in the newly generated certificate by inspecting it using the following command:

openssl x509 -in server.crt -noout -text
Copy after login

Note:

Once you have generated a certificate with SANs, you can use it with your Go code to establish a TLS connection without encountering the "x509: certificate relies on legacy Common Name field" error. It may be necessary to update the certificate files in your Go code and restart the connection process to ensure the new certificate is used.

The above is the detailed content of Why Does My Go TLS Connection Fail with \'x509: certificate relies on legacy Common Name field\'?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template