General
cancel
Showing results for 
Search instead for 
Did you mean: 

problem using curl to access vendor's secure transfer site

 
SOLVED
Go to solution
Highlighted
Trusted Contributor

problem using curl to access vendor's secure transfer site

Trying to set up secure transfer to pull from vendor's secure transfer site. Using Curl 7.15.2 on hp-ux 11.11.

My command is like this:

curl --trace mytrace.out -u myname:mypass https://xx.xx.xx.xx

(where I am supplying our actual username and password and xx.xx.xx.xx = their secure transfer site)

Getting this response:

curl: (51) SSL: certificate subject name 'secureftp.theirname.com' does not match target host name 'xx.xx.xx.xx'

(where xx.xx.xx.xx = their address, same one I supplied in my curl command).

Also, if I use dig to lookup their name, I get back the correct ip address. But if I lookup the ip address, I get no answer.

It seems to me this is saying their name information is not defined properly in internet nameservers, and they need to get that corrected.

But if I use internet explorer on my pc, I can connect.

So, am I doing something wrong or can work around it in my Curl command somehow?

3 REPLIES 3
Highlighted
Trusted Contributor

Re: problem using curl to access vendor's secure transfer site

ok, well, if I use --insecure switch in my curl command, I get a connection.

I'm not sure of the advisability of doing that in my production program. Comments on that?

- John
Highlighted
Honored Contributor
Solution

Re: problem using curl to access vendor's secure transfer site

You get that message because you're not telling curl to connect to their name. You're telling curl to connect to an IP, so it expects to see a certificate for the IP address. Assuming that the name on the certificate is right, you should be able to get rid of the message by connecting to https://secureftp.theirname.com instead of to the IP.
Highlighted
Trusted Contributor

Re: problem using curl to access vendor's secure transfer site

Ah, OK. Thanks. Now I get a connection when specifying the name, and don't need to use --insecure.

I was using ip addr because that was all they gave me. I only discovered the name when I successfully connected to the ip addr from my internet explorer.