我已经从 RapidSSL 购买了 SSL 证书。我已将 RapidSSL CA 和 GeoTrust Global CA 的链文件连接起来,但当我检查它时http://www.sslshopper.com/ 我有这个 :
The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
Nginx 配置:
server {
listen 443;
server_name domain.com www.domain.com;
root /usr/share/nginx/www/domain.com;
index index.php;
ssl on;
ssl_certificate /usr/share/nginx/www/domain.com/domain.com.crt;
ssl_client_certificate /etc/nginx/www/domain.com.ca;
ssl_certificate_key /etc/ssl/private/domain.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
请帮我
答案1
您确定要使用吗ssl_client_certificate?
在 nginx 中,使用多个 SSL 证书链的常用方式是使用正确的顺序(服务器证书优先):cat domain.com.crt rapidssl.ca geotrust.ca > domain.cert.combined 并使用
ssl_certificate /usr/share/nginx/www/domain.com/domain.cert.combined
;