connecting to https endpoint and getting: Hostname/IP doesn't match certificate's altnames

[ddelizia]

I'm trying to connect to an external https REST service on heroku from my localhost with the following code:

request(
            {
                url: config.get('host') +req.originalUrl,
                method: req.method,
            }, function (error, response, body) {

            })

I get the following error in the callback:

Hostname/IP doesn't match certificate's altnames: "Host: localhost. is not in the cert's altnames: DNS:.herokuapp.com, DNS:herokuapp.com"
Host: localhost. is not in the cert's altnames: DNS:.herokuapp.com, DNS:herokuapp.com

if I connect to the same service installed locally everything works correctly, so it should be related with https.

Any help?

[simov]

What is the exact URL of your request config.get('host') +req.originalUrl?

[jperry]

I am getting this also. I am using a self signed cert and I don't want to do hostname checking. I have this in my requests

agentOptions: {
        ca: fs.readFileSync('ca.cert.pem')
    }

How do you set ignoreHostname?

[strictlyd]

Have you tried setting the rejectUnauthorized variable to false?

                url: config.get('host') +req.originalUrl,
                method: req.method,
                rejectUnauthorized: false
            }, 
function (error, response, body) {

            })```

[justinmchase]

It would be nice if rejectUnauthorized: false was on the front page docs somewhere.

[josepmesteves]

Doesn't rejectUnauthorized: false make you accept any server certificate? If that is the case, I don't consider it a valid solution.
I would like to verify the server by making sure the certificate is signed by a trusted CA (in my case, it is my own CA). I don't want to silence the whole thing and make it insecure.

[rcronc]

This stuff is horrible

[tomonari-t]

You have to match server certification's CommonName to client's hostname.

[ChrisBellewVgw]

You have to match server certification's CommonName to client's hostname.

Why is that the case? Why does the client care about it's own hostname existing in the servers certificate? This is about the authentication of the server. Thanks

[pkopac]

FYI I got this error while I was forwarding requests, I used request({host: 'something.com'... headers: req.headers... What I didn't realize at first was that in the headers there was host: 'localhost', which was the culprit. I replaced it and now it verifies OK.

[rarebreed]

I believe I am hitting the same issue. I get the following error while using node 6.10.3 and request 2.88:

Error: Hostname/IP doesn't match certificate's altnames: "Host: https. is not in the cert's altnames:

I tracked this down to the node tls.js code. Somehow, "https." is being passed as the hostname by request down to node. If I set rejectUnauthorized to false, my code works. So I am passing in the correct hostname in the url.

[Curti-s]

I believe this can be mitigated by using the api key provided by the target domain.

[alirayaneh]

FYI I got this error while I was forwarding requests, I used request({host: 'something.com'... headers: req.headers... What I didn't realize at first was that in the headers there was host: 'localhost', which was the culprit. I replaced it and now it verifies OK.

my problem solved . i have forget modify req.header and change host .

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.