
Why Does My Go TLS Connection Fail with "x509: certificate relies on legacy Common Name field"?

Barbara Streisand
2024-10-28 02:22:31


Go TLS Connection Fails with "x509: certificate relies on legacy Common Name field" Error

When attempting to establish a TLS connection to MongoDB using Go, a "failed to connect: x509: certificate relies on legacy Common Name field" error may arise. This issue originates from certificate validation checks that have been updated to prioritize Subject Alternative Names (SANs) over Common Name (CN) fields for certificate identity.

Root Cause:

The certificate being used for TLS authentication relies on a legacy Common Name field instead of SANs, which are considered more secure for identifying hosts. Current versions of Go have stricter certificate validation checks that enforce the use of SANs.

Solution:

To resolve this issue, you need to fix the certificate itself so that it includes SANs. A certificate is signed, so SANs cannot be edited into it afterwards: either generate a new certificate with the appropriate SAN fields, or have the existing certificate reissued with them added.

Fix the Source:

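  1. Create a CSR (Certificate Signing Request): Use a tool like OpenSSL to create a CSR that includes SAN fields for the desired hostnames.
  2. Sign the CSR with a Root CA: Use the root certificate authority (CA) that issued the original certificate to sign the CSR, creating a new certificate with the included SANs. Check that the signing step carries the SAN extension into the certificate: by default, openssl x509 -req does not copy extensions from the CSR, so the SANs have to be supplied at signing time as well (for example with -extfile).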

Inspecting the New Certificate:

Confirm that the SAN fields are present in the newly generated certificate by inspecting it with the following command and looking for the "X509v3 Subject Alternative Name" section in the output:

openssl x509 -in server.crt -noout -text

Note:

Once you have generated a certificate with SANs, you can use it with your Go code to establish a TLS connection without encountering the "x509: certificate relies on legacy Common Name field" error. It may be necessary to update the certificate files in your Go code and restart the connection process to ensure the new certificate is used.
