Ssl

Webkit 不適用於 GoDaddy SSL 證書

  • January 6, 2010

Web 從 GoDaddy 購買了一個 ssl 證書並正確安裝。但是,在任何 webkit 瀏覽器上,它都表示該站點不受信任。有誰知道為什麼 webkit 不喜歡 GoDaddy 證書?

以下是網站詳情:

替代文字 http://www.puc.edu/__data/assets/image/0012/62022/Screen-shot-2010-01-05-at-12.01.07-PM.png

它可能是舊版本的 Apache 或 openssl?這會影響證書的有效性嗎?

聯繫 GoDaddy 沒有任何幫助,他們只知道從支持手冊中讀出的內容。

這更有可能是客戶端的問題:您的基於 webkit 的客戶端是否安裝了最新的受信任根證書?另外,您是否在您的網路伺服器上安裝了 GoDaddy 的中間證書和根證書?

SSL 檢查器顯示伺服器沒有發送任何中間證書。這在大多數瀏覽器上都不是問題,因為它們預設信任 GoDaddy 頒發的證書。要讓它適用於 WebKit 瀏覽器,您只需將以下內容放入名為 intermediates.crt 的文件中:

    • -開始CERTIFICATE —– MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161 + 4WQFapmGBWTtwY6vj3D3H KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm VZWt7 / V + WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR SgAvSMeYddi5Kcju + GZtCpyz8 / x4fKL4o / K1w / O5epHBp + YlLpyo7RJlbmr2EkRT cDCVw5wrWCs9CHRK8r5RsL + H0EwnWGu1NcWdrxcx + AuP7q2BNgWJCJjPOq8lh8BĴ6qf9Z / dFjpfMFDniNoW1fho3 / Rb2cRGadDAW / hOUoz + EDU8CAwEAAaOCATIwggEu MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV + auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH / AgEAMDMGCCsGAQUFBwEB BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9 + aG2Z + 5mC6IG OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T + 5O 0yGPwLPk9Qnt0hCqU7S + 8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX RE4 + uXR21aITVSzGh6O1mawGhId / dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH qDTMBqLdElrRhjZkAzVvb3du6 / KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV U + 4 = —– END證書———-開始CERTIFICATE —– MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1 + pXGEmhW + vXX0iG6r7d / + TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9 / AlQiVBDYsoHUwHU9S3 / Hd8M + eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2 + qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i / ojgC95 / 5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD + QTA / KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo + YihfukEHU1jPEX44dMX4 / 7VpkI + EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h / t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2H / t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ + YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1 / blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI gciKqdi0FuFskg5YmezTvacPd + + + mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV I6ShHI56yDqg + 2DzZduCLzrTia2cyvk0 / ZM / iZx4mER DER / VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw + VHX / bvZ8 = —– END CERTIFICATE —–證書 - - -證書 - - -證書 - - -證書 - - -

然後確保在 SSLCertificateFile 和 SSLCertificateKeyFile 旁邊的 Apache 配置文件中有這一行(帶有證書的實際路徑):

SSLCertificateChainFile /etc/ssl/crt/intermediates.crt

安裝後,您應該在使用SSL Checker進行檢查時看到伺服器發出的這些證書。

引用自:https://serverfault.com/questions/99754