I recently, for
- domain1.com
- *.domain1.com
- domain2.com
- *.domain2.com
Now when I visit http://domain1.com in Firefox I get:
domain1.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The certificate is only valid for the following names:
*.domain1.com , domain2.com , *.domain2.com
(Error code: sec_error_unknown_issuer)
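It complains about the SSL
- being issued by an untrusted authority - that's fine...
- and not being valid for the domain name in question
Here is my SSL certificate in text form: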
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Connecticut, L=Stamford, O=Example, Inc., CN=Example-CA/[email protected]
Validity
Not Before: Oct 28 11:26:20 2010 GMT
Not After : Oct 28 11:26:20 2011 GMT
Subject: C=US, ST=Connecticut, L=Stamford, O=Example, Inc., CN=domain1.com/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
Modulus (4096 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
3F:40:13:7E:25:04:0A:B9:0F:5F:DE:5E:9D:55:94:10:EE:F2:2B:B0
X509v3 Authority Key Identifier:
keyid:8E:C4:D5:F3:69:12:A9:75:DA:0D:9B:59:11:C8:DE:53:67:C0:DA:1B
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:*.domain1.com, DNS:domain2.com, DNS:*.domain2.com
Signature Algorithm: sha1WithRSAEncryption
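Answer 1
You need to include domain1.com as a Subject Alternative Name. If Subject Alternative Names are present, most browsers ignore the Common Name in the Subject. That is why Firefox considers the certificate invalid for: https://domain1.com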
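The name check described in this answer, as an added example that is not part of the original post and is not Firefox's actual code. It is a simplified RFC 6125-style matcher; the function names are hypothetical, and the CN and SAN values are copied from the certificate dump in the question.

```python
def parse_san_dns(san_line):
    """Extract dNSName entries from an `openssl x509 -text` SAN line."""
    names = []
    for item in san_line.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS" and value:
            names.append(value.lower())
    return names


def dns_name_matches(pattern, host):
    """Match one certificate name against a hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.domain1.com covers www.domain1.com but neither
    domain1.com nor a.b.domain1.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad patterns such as *.com.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_valid_for(host, subject_cn, san_dns):
    """If any SAN dNSName exists, the subject CN is not consulted at all."""
    # Assumption: the CN is used only as a fallback when there is no SAN.
    candidates = san_dns if san_dns else [subject_cn]
    return any(dns_name_matches(name, host) for name in candidates)


# Values copied from the certificate dump in the question.
SUBJECT_CN = "domain1.com"
SAN_LINE = "DNS:*.domain1.com, DNS:domain2.com, DNS:*.domain2.com"
# Constructed: the SAN line of a reissued certificate with the apex name added.
FIXED_SAN_LINE = "DNS:domain1.com, " + SAN_LINE

if __name__ == "__main__":
    hosts = ("domain1.com", "www.domain1.com", "a.b.domain1.com", "domain2.com")
    for label, line in (("as issued", SAN_LINE), ("reissued", FIXED_SAN_LINE)):
        sans = parse_san_dns(line)
        for host in hosts:
            print(f"{label:10} {host:18} {cert_valid_for(host, SUBJECT_CN, sans)}")
```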