This is an automated archive.

The original was posted on /r/openssl by /u/__pk on 2023-04-02 20:04:23+00:00.


I am trying to set up a mutual TLS authentication scheme between two VMs with self-signed certificates. SANs & CNs point to IPs (the VMs are not exposed to browsers and they do not have domain names).

I have failed to establish a connection between a gRPC Python server and a gRPC Tonic Rust client. I am trying to understand if there is a language or a protocol-dependent error.

I used the commands listed in the .sh file here: https://github.com/rustls/rustls/tree/main/test-ca to generate keys/certs for a server and a client (with IP.1 records for SANs). I have added the local root CA to the trust store of each VM.

Error in Rust client: ‘presented server name type wasn’t supported’

Error in Python server: SSLV3_ALERT_BAD_CERTIFICATE

What CN/SAN/domain would you choose for this case? Is this scenario possible or am I missing something?
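
An added example, not part of the original post: it builds a throwaway CA and two server certificates for the same address, one with an `IP:` SAN and one with the address written as a `DNS:` SAN, then asks OpenSSL whether each matches that IP. The CA name, file names and the address 10.0.0.5 are constructed for the demonstration, and `-verify_ip` reflects OpenSSL's name check only, not how rustls or gRPC validate names.

```shell
#!/bin/sh
# Constructed test material: throwaway CA and keys, 10.0.0.5 is a made-up address.

# make_certs DIR IP: create a test CA in DIR plus two certificates for IP:
#   san-IP.crt  -> subjectAltName of type iPAddress (IP:<addr>)
#   san-DNS.crt -> the same address stored as a dNSName (DNS:<addr>)
make_certs() {
    dir=$1; ip=$2
    # Minimal config so the CA certificate always carries CA:TRUE.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Example Test CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > "$dir/ca.cnf"
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" -days 1 2>/dev/null || return 1
    for kind in IP DNS; do
        printf 'subjectAltName=%s:%s\n' "$kind" "$ip" > "$dir/san-$kind.ext"
        openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$ip" -keyout "$dir/san-$kind.key" \
            -out "$dir/san-$kind.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/san-$kind.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -extfile "$dir/san-$kind.ext" -out "$dir/san-$kind.crt" \
            2>/dev/null || return 1
    done
}

# check_ip CAFILE CERT IP: succeed only if CERT chains to CAFILE and
# OpenSSL's IP check finds IP among the certificate's iPAddress SANs.
check_ip() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Demonstration on the constructed certificates.
tmp=$(mktemp -d)
if make_certs "$tmp" 10.0.0.5; then
    for kind in IP DNS; do
        if check_ip "$tmp/ca.crt" "$tmp/san-$kind.crt" 10.0.0.5
        then echo "SAN $kind:10.0.0.5 -> matches IP 10.0.0.5"
        else echo "SAN $kind:10.0.0.5 -> does NOT match IP 10.0.0.5"
        fi
    done
fi
rm -rf "$tmp"
```

To check an existing certificate, call `check_ip` with the real CA file, certificate and the address the peer connects to.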