PKI 证书层次结构

PKI 证书层次结构

我跟随https://jamielinux.com/docs/openssl-certificate-authority/index.html创建根 ca 和中级 ca 后,链文件不再像其他 ca 那样具有层次结构。

这是预期层次结构的示例:

在此处输入图片描述

  • 根 CA 创建
  • 由根 CA 创建并签署的中级 CA
  • 域证书由中间人创建并签署。

创造https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html#create-the-certificate-chain-file

但是通过 Firefox 导入ca-chain.cert.pem包含中间文件和根文件(正是这个顺序)。只需导入中间文件即可。

在此处输入图片描述

在此处输入图片描述

在浏览器中导入后,网站运行良好,但层次结构中没有根 CA。只有中间网站认证。

即使导入根 CA,证书也没有按我预期的那样分层。我错过了什么?

根证书:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f1:61:fb:1e:9e:12:3d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = [email protected]
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2058 GMT
        Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = [email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:dc:20:86:ef:e7:01:fe:a8:6f:72:c1:b0:19:f3:
                    54:4c:36:f8:c9:c3:e9:82:58:e1:40:d0:dc:94:40:
                    7e:81:44:bc:83:a2:60:b0:60:b5:07:db:8a:23:ba:
                    21:d6:b6:9e:72:fd:03:86:6c:87:92:2c:f0:f9:4c:
                    64:e3:42:50:e4:93:ce:49:55:ce:c6:ce:cd:36:af:
                    2f:d2:f8:61:21:92:2e:67:0a:57:13:7f:e5:d6:a0:
                    42:1e:61:46:f2:c5:f3:0d:05:19:09:93:b5:7d:6b:
                    23:d1:a4:ae:9d:e4:22:9e:17:f5:b8:38:11:f6:f7:
                    29:6c:a1:7e:b5:68:34:9d:31:b8:cb:bd:b8:fb:9a:
                    25:f6:96:8b:6b:21:22:38:f0:a6:b4:5a:3a:00:94:
                    f4:de:2c:15:98:b1:82:8b:fa:f2:0e:e8:8e:2e:69:
                    86:0f:f6:f4:82:8d:b5:6f:00:8b:cc:3c:29:b8:2d:
                    fa:03:c2:7f:46:c5:0b:9f:4e:ee:f5:82:d5:b2:9f:
                    29:3b:43:b8:0b:90:05:f6:53:68:be:f2:d2:91:f9:
                    ec:5a:3f:83:d0:0f:49:6a:7f:d9:a3:72:d0:8f:74:
                    a6:4b:c8:31:bd:ac:45:6b:51:c4:46:0d:aa:31:3d:
                    03:bb:fc:7f:50:c6:ec:57:72:84:40:a8:4f:1d:14:
                    b6:4d:30:6c:2f:b1:69:7a:9b:1f:8f:f9:af:a3:00:
                    df:96:df:df:e6:b9:6d:5e:bc:1e:40:e7:ee:fe:18:
                    aa:bb:19:e5:26:9f:79:01:76:06:26:6b:43:cb:15:
                    41:aa:01:19:d9:11:19:7b:df:99:8c:68:8d:4b:a9:
                    76:3b:32:ff:68:4d:5c:0e:5d:c7:5f:ed:1a:20:f4:
                    68:29:0b:21:ac:79:05:9a:57:0a:54:d7:7d:06:83:
                    f9:b5:79:09:65:fa:c2:83:6d:b6:77:3e:e0:b2:ac:
                    15:b4:88:22:95:64:70:27:88:50:2b:e4:2e:6f:df:
                    f1:3c:fa:21:70:c2:bf:54:18:3e:2a:6f:2f:28:0f:
                    d3:83:61:6c:b5:9d:5e:4f:f8:8a:3b:75:ef:e9:97:
                    58:98:2f:31:39:cd:dd:18:ff:fc:ce:d0:83:72:23:
                    4f:e1:66:a4:0b:2a:5d:44:79:e4:7b:6a:67:d5:c5:
                    6a:a7:c9:ff:7e:1c:1b:20:e9:18:ee:69:cd:5b:cb:
                    f1:c3:cd:9e:62:38:f3:b0:f3:70:f8:0e:2f:c9:7b:
                    27:6e:5b:e4:78:b8:a2:b4:5a:26:ff:9f:bd:c6:b1:
                    2d:5b:a4:b3:49:17:24:68:02:be:b9:7e:c3:d5:37:
                    ca:c3:b4:bd:1b:28:fd:70:45:4f:9e:7e:1b:2a:14:
                    3d:cf:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Issuer Alternative Name:
                <EMPTY>

            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         8a:33:b3:59:6d:30:11:d1:df:71:fa:ed:90:02:13:40:84:e0:
         54:3e:88:ce:12:07:c9:29:ce:44:69:c0:e8:d4:90:e3:48:5c:
         0c:6d:4f:c4:d6:af:a3:c5:86:ff:d1:93:8f:9b:b3:5e:8f:37:
         fa:9c:93:cd:a8:0d:71:28:91:fa:06:17:70:a4:be:7a:30:b1:
         76:c3:33:f2:4b:a7:b8:ec:a7:f9:76:e9:08:cb:b3:1b:cd:a5:
         5f:c6:1a:85:7c:76:d4:67:da:d4:80:6d:be:80:4b:5c:f6:d0:
         f8:f5:47:12:73:92:35:86:f2:76:4f:82:2c:e9:ec:1b:bf:5b:
         cb:fa:31:65:41:ad:6f:e6:71:76:76:46:e7:51:b2:d0:fe:77:
         76:2f:49:9d:c2:79:7a:94:9b:a8:42:4e:91:bb:72:60:c6:91:
         e9:e6:cf:59:17:20:75:14:90:42:7c:c9:5d:27:10:b9:81:c0:
         a5:43:3d:0a:e0:c6:ba:7e:e9:9a:98:02:a6:bf:5d:55:2b:31:
         b9:0a:91:d7:f0:28:07:0b:80:e2:1c:0e:5f:c8:f8:88:17:3d:
         8b:b0:b3:df:09:e3:0d:4b:1c:ed:d9:d1:8a:9a:d8:d8:b0:e6:
         bf:9f:1e:14:86:45:47:5a:c5:e3:90:06:b7:0a:72:60:0d:0d:
         2c:bd:ce:19:57:02:09:e0:d8:6e:ed:9a:7e:d6:8d:18:42:fc:
         32:54:88:c1:87:98:0b:7e:ca:dd:9a:3e:d8:5b:00:91:28:ea:
         2b:35:ad:36:6c:9d:e0:cc:41:cd:e9:31:75:ec:2c:e5:5e:24:
         59:cd:f6:cb:14:42:e1:b6:30:84:6e:f2:13:8a:9e:32:0e:34:
         1a:4f:5d:a7:19:67:64:84:29:5f:ec:7e:18:1a:7f:0c:65:6a:
         04:8a:fa:a2:2b:76:ff:1f:c4:0a:5f:1b:df:4e:6b:60:58:ae:
         37:d8:b8:3b:09:fa:34:8e:6a:e2:1c:a5:c6:a5:2c:a1:22:09:
         03:91:b5:16:d6:d5:60:0b:a9:c2:8d:f4:6f:2c:1e:43:60:9d:
         a3:8b:5c:34:ef:89:e5:93:ba:93:f8:92:96:fb:d2:f4:4b:68:
         ca:0a:8c:58:d4:e2:cd:8e:e4:d7:90:1c:79:6f:c7:c2:61:ae:
         e7:52:07:70:e2:d9:b4:59:b2:73:c4:eb:f0:39:09:3f:b3:69:
         c7:2e:29:28:f5:a3:cd:fb:fd:2c:6b:b6:ad:de:f4:86:c4:e7:
         20:e2:fc:37:40:95:b2:11:27:48:3c:3e:1c:f9:bd:fe:d2:56:
         4d:a4:21:9c:85:eb:95:f1:bb:82:72:10:1c:d5:ff:eb:78:eb:
         c7:5c:5f:fd:ec:0c:07:66

中级 CA:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = [email protected]
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = [email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
                    b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
                    98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
                    2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
                    f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
                    94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
                    4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
                    47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
                    12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
                    5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
                    42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
                    07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
                    8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
                    da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
                    d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
                    31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
                    e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
                    c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
                    05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
                    17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
                    4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
                    b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
                    89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
                    15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
                    e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
                    73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
                    8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
                    18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
                    03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
                    e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
                    50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
                    7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
                    3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
                    77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
                    d2:82:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
         3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
         4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
         eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
         c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
         67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
         e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
         73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
         e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
         66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
         75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
         4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
         6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
         ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
         59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
         9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
         5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
         5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
         c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
         9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
         86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
         61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
         2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
         6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
         58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
         f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
         5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
         af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
         1a:d3:32:15:7a:d7:f7:63

连锁CA:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = [email protected]
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = [email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
                    b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
                    98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
                    2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
                    f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
                    94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
                    4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
                    47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
                    12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
                    5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
                    42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
                    07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
                    8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
                    da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
                    d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
                    31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
                    e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
                    c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
                    05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
                    17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
                    4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
                    b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
                    89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
                    15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
                    e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
                    73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
                    8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
                    18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
                    03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
                    e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
                    50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
                    7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
                    3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
                    77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
                    d2:82:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
         3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
         4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
         eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
         c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
         67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
         e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
         73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
         e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
         66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
         75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
         4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
         6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
         ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
         59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
         9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
         5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
         5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
         c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
         9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
         86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
         61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
         2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
         6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
         58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
         f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
         5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
         af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
         1a:d3:32:15:7a:d7:f7:63

答案1

HTTP 服务器必须具有服务器domainintermediate证书链。

cat certs/intermediate/certs/domain.cert.pem \ 
  certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem

但这并没有记录。

相关内容