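We replaced our old SSL certificate with a new wildcard SSL certificate from GoDaddy. We swapped the certificate last week, and since then we have been getting calls from customers trying to register who say they get the following error.
We can't figure out what is going on, because we have tested this certificate in IE 6, 7, 8, Chrome and Firefox without receiving any errors, but we know there is a problem because we keep getting calls. For the record, we do have multiple SSL certificates installed on this machine, but we use separate IP addresses to serve them.
Any help or ideas would be greatly appreciated.
Thank you,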
Answer 1
$ curl -Iv https://classes.stcharleshealthcare.org/
* About to connect() to classes.stcharleshealthcare.org port 443 (#0)
* Trying 67.59.90.121... connected
* Connected to classes.stcharleshealthcare.org (67.59.90.121) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: serialNumber=ESKZZ-OSKRZAHAnZ8ssPXoULbrv1/Obw; C=US; ST=Oregon; L=Bend; O=St. Charles Medical Center; OU=GT14856843; CN=*.scmc.org
* start date: 2010-10-10 19:25:39 GMT
* expire date: 2012-01-13 10:20:49 GMT
* subjectAltName does not match classes.stcharleshealthcare.org
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK
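So the DNS for classes.stcharleshealthcare.org points to a server that is serving the *.scmc.org SSL certificate. Check your DNS and/or the virtual host definitions in Apache.
Answer 2
The certificate was issued to *.scmc.org, and you are trying to secure a site named stcharleshealthcare.org. Obviously you need a certificate such as *.stcharleshealthcare.org
Answer 3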
You attempted to reach classes.stcharleshealthcare.org, but instead you actually reached a server identifying itself as *.scmc.om
You are using a wildcard certificate that does not match your domain name.
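
Added example, not part of any answer above: a pre-deployment check that compares the names in a certificate against every hostname the server answers for, using simplified RFC 6125 wildcard rules. The function names are hypothetical, and the `www.scmc.org` and `scmc.org` entries are constructed for illustration; the other names come from the curl output in Answer 1.

```python
# Simplified RFC 6125 hostname matching (added example, not from the page).
# Assumption: cert_names is the list of DNS names taken from the
# certificate's subjectAltName (or the CN on old certificates).

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if a certificate name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False              # "*" stands for exactly one label
    if p[0] == "*":
        # The wildcard must be the whole leftmost label, must not appear
        # anywhere else, and "*.org"-style patterns are rejected.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def uncovered(cert_names, served_hosts):
    """Hostnames the certificate does not cover; clients will warn on these."""
    return [h for h in served_hosts
            if not any(name_matches(n, h) for n in cert_names)]

if __name__ == "__main__":
    cert_names = ["*.scmc.org"]                      # from the curl output
    served = [
        "classes.stcharleshealthcare.org",           # from the curl output
        "www.scmc.org",                              # constructed
        "scmc.org",                                  # constructed
    ]
    for host in uncovered(cert_names, served):
        print("certificate does not cover:", host)
```

Run it with the full list of virtual hosts bound to the IP address before swapping a certificate; any hostname it prints needs either its own certificate or an extra subjectAltName entry.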