这是关于我们使用的支付服务提供商的 https。我们已经通知他们有关问题,该问题导致一些 Android 设备在浏览器重定向到 https 地址时显示 SSL 错误消息。但他们还没有找到解决方案,所以我正在尝试为他们找到提示。
在 的输出中openssl s_client -connect pep.shaparak.ir:443,您可以看到项目 1 和项目 2 是相同的。如果服务器是 apache,我猜那是因为 中引用的文件内容有误SSLCertificateChainFile。但我不知道 中的等效项IIS。
CONNECTED(00000003)
depth=1 CN = T\C3\9CRKTRUST Elektronik Sunucu Sertifikas\C4\B1 Hizmetleri, C = TR, O = T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E. (c) Kas\C4\B1m 2005
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=IR/ST=TEHRAN/L=TEHRAN/OU=IT DEPARTMENT/O=SHAPARAK ELECTRONIC CARD PAYMENT NETWORK CO. (PJS)/CN=pep.shaparak.ir
i:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
1 s:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
i:/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
2 s:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
i:/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
---
Server certificate
-----BEGIN CERTIFICATE-----
((blah blah))
-----END CERTIFICATE-----
subject=/C=IR/ST=TEHRAN/L=TEHRAN/OU=IT DEPARTMENT/O=SHAPARAK ELECTRONIC CARD PAYMENT NETWORK CO. (PJS)/CN=pep.shaparak.ir
issuer=/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
---
No client certificate CA names sent
---
SSL handshake has read 4518 bytes and written 634 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: FE169BDE3DEFEC4C332981D093AC4A1BAC2A2D0F88C99A7D60428073A6154554
Session-ID-ctx:
Master-Key: 7997043C235AC35382526AC89469E8896D0BCB61289A324520665B9B251462E560C26CC9A1372D887D5F9A1F20844F84
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
((blah blah))
Start Time: 1404818844
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
谢谢!