我尝试使用" Nginx"来尝试在所有子域上使用HTTPS,但是接收:
This server could not prove that it is api.wokcraft.com; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
任何人都能告知遗失的内容吗? THX
编辑:我按照以下说明操作:https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1091/0/certificate-installation--nginx
答案 0 :(得分:1)
Nginx不会发送正确的中间证书列表:https://www.ssllabs.com/ssltest/analyze.html?d=api.wokcraft.com&latest
答案 1 :(得分:1)
您想以这种方式创建Comodo Bundle(将 your_cert 替换为您文件的实际名称):
cat your_cert.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > your_cert.ca-bundle
完成后,将其复制到您的服务器,就像在Nginx中这样设置:
ssl_certificate /your/ssl/path/your_cert.ca-bundle;
ssl_certificate_key /your/ssl/path/your_cert_privateKey.key;
验证证书和密钥在复制后是否匹配(比较md5哈希)。
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
测试配置(需要以sudo身份运行):
sudo nginx -t
如果没有错误,请重新加载nginx并重新运行SSLlabs检查:
https://www.ssllabs.com/ssltest/analyze.html?d=api.wokcraft.com