小贝子编程

启动SSL证书显示为net :: err_cert_authority_invalid在浏览器中



我已经"购买"了我的开发域1级免费1级DV证书,并按照其说明将其安装在Nginx上。

我注意到,他们提供的Nginx证书包含DV证书,并添加了10个域名别名以及中间证书,他们说应根据浏览器有效(我已经在Chrome上尝试过,并且Firefox,结果相似)。

证书以无效:https://gb.qa.vendigo.build/

但是,几乎每个SSL验证工具都显示为一个完整的链,根本没有问题,除了一个工具:

http://www.sslchecker.com/sslchecker?su = 1e9941a064b5bc0b92fbfa310aaeae796b

显示缺失的"根"证书。但是,补充说根证书无济于事,实际上SSL检查器(上面列出)将显示为root作为现在,但随后列出了另一个缺少的证书。下载和安装这些证书只会使该链的增长无济于事。

我现在已经被卡住了!我是否缺少明显的东西,或者这只是一个不好的证书?

nginx配置看起来像:

# gb.qa.vendigo.build
upstream cc574309c4214a6c01eb8d3dbe9f701eee9daf3d {
            ## Can be connect with "bridge" network
            # sample-1.antony-cert-test.11b35827
            server 172.17.0.6:80;
            ## Can be connect with "dockercloud" network
            # sample-1.antony-cert-test.11b35827
            server 10.7.0.24:80;
}
server {
    server_name gb.qa.vendigo.build;
    listen 80 ;
    listen [::]:80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name gb.qa.vendigo.build;
    listen 443 ssl http2 ;
    listen [::]:443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-   POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/vendigo.build.crt;
    ssl_certificate_key /etc/nginx/certs/vendigo.build.key;
    add_header Strict-Transport-Security "max-age=31536000";
    location / {
        proxy_pass http://cc574309c4214a6c01eb8d3dbe9f701eee9daf3d;
    }
}

感谢我的朋友杰夫(Geoff)和@tkausl快速答案 - 启动不再被视为知名的提供者:

https://danconnor.com/posts/50f65364a0fd5fd1f7000001000001/avoid_startcom_startsssl_like_the_plague_

和 @tkausl的响应中的链接,这在我的任何搜索中都没有出现。

我想我会为证书付款!

不信任新的wosign和startcom证书

检查letsencrypt,它应该满足您的需求。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium