Error WebPKIError(CAUsedAsEndEntity)

1

I'm trying to connect to a server which is using TLS, with the help of tokio-rustls and webpki-roots crates, but since my server has self-signed-certificate, I don't know how can I connect without passing a DNSNameRef. I'm kind of new to this topic. can anyone help me ?

use std::{boxed::Box, error::Error, sync::Arc};
use tokio::prelude::*;
use tokio::{
    fs::{File, OpenOptions},
    net::{TcpListener, TcpStream},
    prelude::*,
};
use tokio_rustls::{rustls::ClientConfig, webpki::DNSNameRef, TlsConnector};

#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    let mut config = ClientConfig::new();
    config
        .root_store
        .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);

    let connector = TlsConnector::from(Arc::new(config));

    let stream = TcpStream::connect("127.0.0.1:456").await?;

    let domain = DNSNameRef::try_from_ascii_str("eaxmple.com")  // this is the problem ...
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid dnsname"))?;

    let mut stream = connector.connect(domain, stream).await?;
    
    // ...

    Ok(())
}

Thanks

2

That error indicates that your server is trying to use a certificate meant for a Certificate Authority (CA) as an end-entity certificate, which is not allowed. You need to use the CA's certificate to sign an end-entity certificate instead.

3

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.