我对我的SSL证书续订感到生气。 事情就是这样:我刚刚创建了新证书(.key,.csr,以及来自https://www.startcomca.com/的所有内容)。 我配置了我的apache Web服务器以匹配配置文件:
SSLCertificateFile /etc/ssl/private/2_myhiddendomain.com.crt
SSLCertificateKeyFile /etc/ssl/private/myhiddendomain.com.key
SSLCertificateChainFile /etc/ssl/private/1_root_bundle.crt
我的意思是,一切都运作良好。证书布局合理,安装良好,一切正确且有效,正如我在非常有用的工具上看到的那样:https://www.ssllabs.com/ssltest/
但是有一点,当我尝试从任何浏览器(FF,Safari,Chrome)访问网站时,浏览器安全性告诉我:
Your connection is not secure
The owner of www.myhiddendomain.com has configured their website improperly.
To protect your information from being stolen, Firefox has not connected to this website.
www.myhiddendomain.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
Error code: SEC_ERROR_UNKNOWN_ISSUER
我真的认为问题是中间证书或根证书,可能是未正确设置的。我不知道如何让我的证书受到信任"。我理解这个问题,但无法找到任何解决方案来使其发挥作用。
4小时的调查似乎还不够,所以如果有人可以提供帮助:-) 谢谢!