07-07-2022 09:09 PM
Hey everyone,
I am picking up again on a project that has me using AXL requests into CUCM 11.5. Initially I had this working per Cisco's PHP AXL Quickstart guide; however, that is now not working. Doing some digging, I found the common name of the cert was updated to use multi-SAN. So now instead of the CN of the cert being cucmpub.domain, it now shows cucmpub-ms.domain. My context variable is as follows, which I thought bypassed certificate checks:
$context = stream_context_create(array('ssl'=>array('allow_self_signed'=>true)));
This connection fails with a 'cannot connect to host'. With these same values pointed to a different CUCM server we have in which the CN of the cert matches the hostname, my API is able to be called. I have also tried defining the cafile of the tomcat cert, which also fails.
Any thoughts on how to get a connection?
Thanks in advance!
07-07-2022 11:21 PM
Your example would validate for a certificate where the certificate authority cert and the host cert are the same (self-signed), but I think you also need
'verify_peer_name'=>true
to allow it to validate when the CN and host name are mismatched (even downloading and specifying the cert file won't work, since the names don't match.)
But...
07-08-2022 06:39 AM
Thanks for the reply @dstaudt. I added the 'verify_peer_name' entry, however I am getting the same results. The hostname is defined in the SAN entry and I am running PHP 7.3. I didn't see anything in the PHP docs about SAN checking but will reach out in a PHP community to see what insights they can provide. Thanks.
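
Added example, not part of any post in this thread: a PHP sketch that lists the names a certificate carries (subject CN plus SAN DNS entries), checks whether the host name being connected to is among them, and builds a stream context that keeps chain and name verification on. The sample certificate array is constructed to mirror the CN described above; `cucmsub.domain` and the CA file path are placeholders.

```php
<?php
// Added example (not from the thread). Lists the names a certificate
// carries and builds a stream context that keeps verification on.

// Names from openssl_x509_parse() output: subject CN plus SAN DNS entries.
function cert_names(array $parsed): array {
    $names = (array)($parsed['subject']['CN'] ?? []);
    $san = $parsed['extensions']['subjectAltName'] ?? '';
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = substr($entry, 4);
        }
    }
    return array_values(array_unique(array_map('strtolower', $names)));
}

// Exact match, or a wildcard covering exactly one leftmost label.
function name_matches(string $host, string $pattern): bool {
    $host = strtolower($host);
    if (strpos($pattern, '*.') === 0) {
        $dot = strpos($host, '.');
        return $dot !== false && $dot > 0
            && substr($host, $dot) === substr($pattern, 1);
    }
    return $host === $pattern;
}

// Context that verifies the chain against $caFile and the name $peerName.
function verified_context(string $caFile, string $peerName) {
    return stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => $caFile,
        'peer_name'        => $peerName,
    ]]);
}

// Constructed sample shaped like openssl_x509_parse() output.
$sample = [
    'subject'    => ['CN' => 'cucmpub-ms.domain'],
    'extensions' => ['subjectAltName' => 'DNS:cucmpub.domain, DNS:cucmsub.domain'],
];
$host = 'cucmpub.domain';
foreach (cert_names($sample) as $name) {
    printf("%-20s %s\n", $name, name_matches($host, $name) ? 'matches' : 'no match');
}
// Placeholder CA path; pass the context to SoapClient as 'stream_context'.
$ctx = verified_context('/path/to/cucm-ca.pem', $host);
```

To run the same check against a live server's certificate, export it to PEM and feed `openssl_x509_parse(file_get_contents($pemPath))` to `cert_names()` in place of the sample array.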