M2Crypto SSL Check Error: Peer certificate subjectAltName does not match [Solved]

Updated on September 2, 2017

Question: I’m stuck with M2crypto SSL check error while installing Webmin package on RHEL 5.5. Here’s the complete error message:

# yum install webmin
File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Checker.py", line 88, in__call__
M2Crypto.SSL.Checker.WrongHost: Peer certificate subjectAltName does not match host, expected netix.dl.sourceforge.net, got DNS:mirrors.netix.net

How to solve this issue?

m2crypto ssl check error

How to solve the error M2Crypto SSL Check Error: Peer certificate subjectAltName does not match?

It looks like RHEL 5.5 has an older version of M2crypto library. According to the bug report released in 2009, M2crypto package has a bug – where the M2crypto SSL certificate checker wrongly rejects certificates that has no host name mentioned in subjectAltName extension. Later, the bug was fixed and now the M2crypto package uses the certificate’s subject field, if subjectAltName does not contain host name. So the solution is to update M2crypto package before installing Webmin package.

# yum update m2crypto
Loaded plugins: security
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package m2crypto.x86_64 0:0.16-9.el5 set to be updated

Upon successful update of m2crypto, install webmin.

# yum install webmin
Resolving Dependencies
--> Running transaction check
---> Package webmin.noarch 0:1.831-1 set to be updated
Installing : webmin 
Webmin install complete. You can now login to https://gridfs.ctsf.cdac.org.in:10000/
as root with your root password.
 webmin.noarch 0:1.831-1

Was this article helpful?

Related Articles

Leave a Comment