I have a project on Azure Websites, hosting an API which should be accessible only using HTTPS, using my custom .com domain. A-Records were created to the .com domain, which is working properly. The SSL Certificate were bought, uploaded and the SSL bindings are set-up correctly in the management panel.
When I access a method of the API using IE/Chrome/FF, the proper certificate (issued for my .com domain) is displayed. When I access it using the following PHP code using curl, I get an error message as if the server responded with the default *azurewebsites.com certificate, which fails as the request was made to the .com domain.
$ch = curl_init('https://mydomain.com/api/v1/method');
$cabundle = dirname(__FILE__).'/ca-bundle.crt';
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $jsonRequest);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_HEADER, 0);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt( $ch, CURLOPT_CAINFO, $cabundle);
$content = curl_exec($ch);
$curlInfo = curl_getinfo($ch);
(as you can see, I'm already using the CA file required to validate the certs, if I run a file_exists
passing the $cabundle
variable as parameter, it returns true)
The error I get:
curl error 51: SSL: certificate subject name '*.azurewebsites.net' does not match target host name 'mydomain.com' content
As already told, if I access the same URL using a browser, the correct certificate for my .com domain is the one shown in the view certificate details screen.
What should I do either for curl requesting/validating the right certificate, or Azure respond with the correct certificate for the domain requested?
PS: setting CURLOPT_SSL_VERIFYPEER
to false
, or CURLOPT_SSL_VERIFYHOST
to 0
or 1
are not options, security is essential to this project, and a MITM attack could be very harmful.