我刚刚使用我们的内部 Windows-CA 为我们的内部服务器“hdl-diamant”创建了一个证书。
当使用“https://hdl-diamant”调用网站时,我在 Edge (Chromium)、Chrome 和 Firefox 中收到“ERR_CERT_COMMON_NAME_INVALID”。
但在 IE 11 中,该证书被正常接受。
这里出了什么问题?
以下证书由网络服务器提供(您可以对其进行解码这里)
-----BEGIN CERTIFICATE-----
MIIF2TCCBMGgAwIBAgITSgAAACvsEpZoQcz3YwAAAAAAKzANBgkqhkiG9w0BAQsF
ADBBMRIwEAYKCZImiZPyLGQBGRYCZGUxGjAYBgoJkiaJk/IsZAEZFgpnb20tYmVy
bGluMQ8wDQYDVQQDEwZIREwtQ0EwHhcNMjAwODIxMTIwMDAwWhcNMjIwODIxMTIw
MDAwWjCBgDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
QmVybGluMSwwKgYDVQQKDCNGUsOWQkVMIEJpbGR1bmcgdW5kIEVyemllaHVuZyBn
R21iSDELMAkGA1UECxMCSVQxFDASBgNVBAMTC2hkbC1kaWFtYW50MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoilKAQZum2Jv+XfYDY4e2+uC+OTK4cF5
nGYuwjUUFfK+UKqHv5VrRxLZeLnch0kOZppVzpU47KwjdtU/jI/BqvVuYyrmW8yp
y2iYm6DevCi08hiDLiSis/sZ/9n6rdqEB2ZmgdIOoNtgL8qk5chxP6ljtJwFTdO2
ksg2oGNAg1UdPqdwVrqUhxI7Y3Gq6MsbajJ23pO4EHQTqMBWhzv1Ja2vtdJhSRrS
vMIWCq8nn9sQe5vyTqZMGoWtNHgOlSr4C4BN3AcbtkrB57CKWwZK2xLeneAMj5hM
ZPbkJaHONGKw6nIjeSoyowA9ZnpZeeTx4oBO3Cn+cpxH2/jWVaj/dQIDAQABo4IC
iDCCAoQwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMHgGCSqGSIb3
DQEJDwRrMGkwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDALBglghkgB
ZQMEASowCwYJYIZIAWUDBAEtMAsGCWCGSAFlAwQBAjALBglghkgBZQMEAQUwBwYF
Kw4DAgcwCgYIKoZIhvcNAwcwHQYDVR0OBBYEFLSI88muthGWCDpMgD/NkrpijhqP
MB8GA1UdIwQYMBaAFJ5MjQtUxt6n9+UUrT2gdUvhP7OjMIHFBgNVHR8Egb0wgbow
gbeggbSggbGGga5sZGFwOi8vL0NOPUhETC1DQSxDTj1IREwtREMsQ049Q0RQLENO
PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy
YXRpb24sREM9Z29tLWJlcmxpbixEQz1kZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M
aXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwgboGCCsG
AQUFBwEBBIGtMIGqMIGnBggrBgEFBQcwAoaBmmxkYXA6Ly8vQ049SERMLUNBLENO
PUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
b25maWd1cmF0aW9uLERDPWdvbS1iZXJsaW4sREM9ZGU/Y0FDZXJ0aWZpY2F0ZT9i
YXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYBBAGC
NxQCBBQeEgBXAGUAYgBTAGUAcgB2AGUAcjANBgkqhkiG9w0BAQsFAAOCAQEACI23
mwPAtIDArRBW2sMDDFamsAs3XJh+dnzXTX4MvD/WQRh0zrN8l4sHLiNVI/r9662n
dohB80e62zM/fGIOTXZ9arCWRf+KggBiaRJKehSEBArw8fHadspUjOCtJReAnMkj
SkisgQTc3zDsx4/tQtd1o+uwGovsd7FFRsIWUOpmUdt8TJpgtWuklnA7UHYRVy/Y
Iry4bfN9qR0Bw/aWXmHPrakgzv471jkaQVlN/cHUMrLQPppw0aV1vxTKgl/h7jHv
X0WgrNL5Iz2Lq2I0194ymQh4ZftkNK9GSTAOYryxXi/9Jq4IL7mTQk561F0buyWk
8c0MTPrn6ZKkyQo3RQ==
-----END CERTIFICATE-----
答案1
您的证书缺少主题备用名称 (SAN) 条目。
现代浏览器需要 SAN 存在,即使它仅包含通用名称。使用 SAN 重新创建证书hdl-diamant
。
您还可以在此过程中添加主机的 FQDN,以防以后需要它,则不必再次重新创建证书。