Error WebPKIError(CAUsedAsEndEntity)

I'm trying to connect to a server which is using TLS, with the help of tokio-rustls and webpki-roots crates, but since my server has self-signed-certificate, I don't know how can I connect without passing a DNSNameRef. I'm kind of new to this topic. can anyone help me ?

use std::{boxed::Box, error::Error, sync::Arc};
use tokio::prelude::*;
use tokio::{
    fs::{File, OpenOptions},
    net::{TcpListener, TcpStream},
use tokio_rustls::{rustls::ClientConfig, webpki::DNSNameRef, TlsConnector};

async fn main() -> Result<(), Box<dyn Error>> {
    let mut config = ClientConfig::new();

    let connector = TlsConnector::from(Arc::new(config));

    let stream = TcpStream::connect("").await?;

    let domain = DNSNameRef::try_from_ascii_str("")  // this is the problem ...
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid dnsname"))?;

    let mut stream = connector.connect(domain, stream).await?;
    // ...



That error indicates that your server is trying to use a certificate meant for a Certificate Authority (CA) as an end-entity certificate, which is not allowed. You need to use the CA's certificate to sign an end-entity certificate instead.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.