
Certificate is trusted by PC, but not by Android

Updated: 2022-02-26 08:54:23

You might be missing an intermediate certificate in your cert file. If you have already visited another website which has the same certificate seller, the intermediate certificate is remembered in your browser. This might not - or even better - will not be the case with every visitor to your website. To solve a missing intermediate certificate in the SSL connection, you will need to add the intermediate certificate to your own certificate file.

GoDaddy has some info on the intermediate certificates (but the best source is always your certificate provider): http://support.godaddy.com/help/article/868/what-is-an-intermediate-certificate

I once had this issue of an intermediate cert (with Comodo too) and had to combine my own cert file with the intermediate CA's to work. Once done, no errors occurred anymore.

Installation instructions per webserver by GoDaddy: http://support.godaddy.com/help/article/5346/installing-an-ssl-server-instructions?locale=en

And here is a list of the most common installation guides by Comodo themselves: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1145/0/how-do-i-make-my-own-bundle-file-from-crt-files

Depending on what webserver you are using, you'll need to specify all certificates (domain certificate, intermediate and root) or combine them into one (e.g. for Nginx) in the order:

  1. Domain certificate
  2. Intermediate certificate
  3. Root certificate

An easy way of doing this in an SSH terminal is by typing:

cat domainfile intermediatefile rootfile > targetfile


Certificate test tool

If you encounter further problems or are unsure whether the certificate is correct, please try an online tool to verify your SSL certificate. For instance: networking4all.com/en/ssl+certificates/quickscan

Please note Android 2.2 (and probably older) does not support SNI, which allows multiple SSL certificates for different hostnames to work without issues on one single IP address. Thanks to @technyquist for providing that information. Please review this SO question about SNI for more information on this issue.
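
The missing-intermediate failure described in this answer can be reproduced offline. The script below is an added example, not part of the original answer: it builds a throwaway root, intermediate and domain certificate with `openssl` (all subjects and file names are constructed), then checks the served file the way a client with no cached intermediates would, and checks that the bundle follows the order given above.

```shell
#!/bin/sh
# Added example: every subject and file name here is constructed for the demo.

make_chain() {  # $1 = empty dir; writes root.pem, intermediate.pem, domain.pem
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj '/CN=Constructed Root CA' -keyout root.key -out root.pem
    openssl req -newkey rsa:2048 -nodes \
      -subj '/CN=Constructed Intermediate CA' -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -extfile ca.ext -days 2 -out intermediate.pem
    openssl req -newkey rsa:2048 -nodes \
      -subj '/CN=www.example.test' -keyout domain.key -out domain.csr
    openssl x509 -req -in domain.csr -CA intermediate.pem -CAkey int.key \
      -CAcreateserial -days 2 -out domain.pem
  ) >/dev/null 2>&1
}

# Models a client that trusts only the root and has no cached intermediates:
# the served file supplies the leaf (its first cert) and all chain certs.
client_accepts() {  # $1 = file the server sends, $2 = client's trusted root
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Succeeds only if every certificate is followed by the one that issued it.
chain_in_order() {  # $1 = bundle file
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { s = substr($0, 9); if (n++ && s != prev) bad = 1 }
         /^issuer=/  { prev = substr($0, 8) }
         END { exit (bad || n == 0) }'
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
make_chain "$work" || exit 1
# Same order as the cat command in the answer: domain, intermediate, root.
cat "$work/domain.pem" "$work/intermediate.pem" "$work/root.pem" > "$work/bundle.pem"

for f in domain.pem bundle.pem; do
  if client_accepts "$work/$f" "$work/root.pem"
  then echo "$f: chain verifies"
  else echo "$f: rejected (issuer not found)"
  fi
done
chain_in_order "$work/bundle.pem" && echo "bundle.pem: order ok"
```

To check a real deployment, point `client_accepts` at the file your server is configured to send and at the root certificate published by your CA.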