I am trying to do TLS authentication of a remote server. This server is configured with two certificates (one root and one its own). Locally, I have the same root certificate. I am doing a TLS handshake (to validate that the server can be trusted) by creating a client locally. However, on doing that, I am getting the error: x509: Certificate is valid for ServerCommonName, not ClientCommonName. When I am trying to validate the certificates presented by the server, ideally, the certificate chain of the server should have a root cert that I trust, and this is fine. I am not able to understand why I am getting this particular error.
Can someone help? Below is the code...
```go
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"time"
)

// getDecoded, ClientCertPem, ClientKeyPem and RootCaPEM are defined elsewhere (not shown).
func CheckTLSendpoint() error {
	getDecoded()
	cer, err := tls.X509KeyPair(ClientCertPem, ClientKeyPem)
	if err != nil {
		return fmt.Errorf("client key pair error : %s", err.Error())
	}
	// Pool of root certificates used to verify the server certificate
	rootCA := x509.NewCertPool()
	if !rootCA.AppendCertsFromPEM(RootCaPEM) {
		return errors.New("no root certificate could be parsed from RootCaPEM")
	}
	tlsConfig := tls.Config{
		RootCAs:      rootCA,
		Certificates: []tls.Certificate{cer},
		ServerName:   "ClientCommonName", // this is common name of my client certificate
	}
	rAddr := "10.20.30.40:3325"
	conn, err := net.DialTimeout("tcp", rAddr, 10*time.Second)
	if err != nil {
		return fmt.Errorf("TCP connection error : %s", err.Error())
	}
	// Register the close only after the dial succeeded; closing the TLS
	// connection also closes the underlying TCP connection.
	c := tls.Client(conn, &tlsConfig)
	defer c.Close()
	err = c.Handshake()
	if err != nil {
		return fmt.Errorf("TLS connection error : %s", err.Error())
	}
	return nil
}
```