SSL错误仅显示来自移动设备

Question

我在我的网站www.movi​​elee.com上使用PositiveSSL证书 每当我从我的三星S5设备浏览时，它都会显示

  

此网站的安全证书已过期

但是从PC浏览时从未遇到过任何错误。 这是中间证书的问题吗？ 我的浏览器和手机的时间日期设置都可以。 使用共享cPanel为网站。如果有一个解决方案摆脱cPanel管理的共享主机，请告诉我。

Answer 1

  

我正在为我的网站使用PositiveSSL证书   www.movi​​elee.com每当我从我的三星S5设备浏览时，它都会显示

     

此网站的安全证书已过期

证书似乎有效（见下文）。确保您的Samsung时钟设置正确。

还要确保与证书（及其链）关联的CRL有效。在您提出问题的时候，看起来似乎发布了新的CRL：

$ curl http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl | \
       openssl crl -inform DER -text -noout
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  139k  100  139k    0     0   661k      0 --:--:-- --:--:-- --:--:--  795k
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
        Last Update: Aug 25 00:39:57 2014 GMT
        Next Update: Aug 29 00:39:57 2014 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 CRL Number: 
                199
Revoked Certificates:
    Serial Number: 07C977601B68FB2A2A061C2491521E5C
        Revocation Date: Feb 20 19:10:49 2014 GMT
    ...

---

$ openssl s_client -connect www.movielee.com:443 | \
          openssl x509 -text -noout
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e6:c8:59:6a:3b:28:2c:ff:af:4c:82:ad:b6:61:d1:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Aug 14 00:00:00 2014 GMT
            Not After : Aug 14 23:59:59 2015 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=movielee.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d2:ca:25:8f:bb:f2:35:a1:12:a0:af:f7:f6:ef:
                    39:32:4e:e5:21:32:6d:d0:9a:fc:1f:f1:df:0d:eb:
                    78:65:11:81:57:9b:75:cb:e0:45:2c:d8:55:2f:5e:
                    f3:5e:42:b2:49:99:bb:90:8b:59:15:de:fa:14:9b:
                    cd:b9:d2:48:27:9c:6e:df:fe:16:76:26:d3:ed:f8:
                    63:37:53:47:14:92:51:96:5c:e0:5d:b3:33:71:af:
                    47:b6:45:8b:26:e4:99:b8:ea:1b:41:78:92:f2:ec:
                    c6:4e:87:c5:3c:26:31:1f:b6:d9:32:28:39:31:4b:
                    24:81:61:e2:1a:89:df:e5:cf:04:3a:d8:25:fd:2e:
                    00:77:99:95:16:77:a7:b9:cb:b4:67:2e:21:4a:48:
                    98:49:a8:7d:52:3d:48:a3:a0:46:c9:dd:34:72:57:
                    e3:50:49:cb:66:6f:fb:73:39:71:7f:cd:a7:73:56:
                    4e:87:1f:55:e9:a4:ab:7b:5e:69:78:1a:ba:8b:a1:
                    c9:df:f5:36:51:2d:f9:ba:a1:6d:51:4d:ce:b7:94:
                    43:6b:0b:8e:7e:cd:47:a9:2d:ff:fa:0f:c5:c2:f6:
                    09:cd:99:3a:a0:e0:5e:ed:e0:6c:7a:bf:5f:d1:46:
                    0b:c1:9f:80:2e:6b:bc:37:61:c9:23:4f:df:57:a4:
                    f2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 Subject Key Identifier: 
                8E:9E:11:F1:21:88:CF:0F:01:80:3B:A4:60:76:B0:76:B1:B6:CA:19
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.1.3.4
                  CPS: https://secure.comodo.net/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name: 
                DNS:movielee.com, DNS:www.movielee.com
    Signature Algorithm: sha256WithRSAEncryption
         8b:41:bf:20:da:b5:6a:8e:e9:88:a9:e2:3e:95:05:26:74:40:
         8b:38:1e:3d:be:14:19:5c:38:dc:30:87:94:77:0c:85:8f:7e:
         f3:a6:da:b5:3f:8f:2c:e5:90:bd:e4:f0:6a:20:22:98:6f:f7:
         22:f8:3c:02:25:6b:a0:b6:9d:eb:1a:b2:a1:17:e5:67:2b:2a:
         44:6f:37:70:59:a3:6f:9f:a7:32:50:49:ec:83:c0:4a:eb:65:
         c0:c3:a8:36:42:d1:59:0a:3e:d0:1d:36:d4:75:92:0b:2b:ed:
         a1:31:ca:b8:03:2b:44:91:e6:b2:7f:7b:01:dc:aa:c4:1d:cf:
         a0:d4:c8:da:c7:d2:de:d7:4e:de:49:1f:86:87:c7:5b:1d:ed:
         7f:dd:d0:c5:b2:16:fc:2c:54:13:5d:8e:02:e8:4c:c6:d1:1c:
         46:f4:a1:6d:fc:75:d8:fc:0d:28:f2:3d:6d:ab:e5:f3:5f:56:
         25:8b:9a:21:7a:46:b8:a9:eb:c9:a7:aa:30:a1:14:ec:be:65:
         af:f7:40:bb:5b:a8:f5:31:e3:24:d0:a7:be:22:dd:a6:52:d0:
         9f:30:56:9a:d8:d5:b2:f8:8b:ef:57:da:b4:e8:93:6b:67:25:
         27:a7:9c:8b:c2:32:46:b0:de:46:67:13:b2:05:9b:be:e7:9b:
         02:9f:22:f6