The website is being upgraded from HTTP to HTTPS, and all links must use the HTTPS protocol.
Start with the attachment server and make all of the website's attachment links HTTPS first.
The certificate is a "free Symantec DV SSL certificate" applied for from Alibaba Cloud, and after it was generated, there was no certificate file in the crt format that I wanted.
I converted the pfx file into a crt file and a key file, and then configured the server (I won't tell you how to configure it).
Access to the HTTPS link from the computer and iPad is normal; only the Android phone, when accessing HTTPS, shows "The certificate is from an untrusted authority, do you want to continue?"
How can this kind of prompt be acceptable??? Then, the Internet says that it may be caused by an "incomplete certificate chain".
I don't know what a certificate chain is. Anyway, I found a problem:
.pem file: there are two certificate chains (downloaded from Alibaba Cloud, among the included files)
.crt file: there is one certificate chain (I generated it myself)
Is this a problem???
"As long as the content of the certificate remains unchanged, .pem, .crt and .txt are of the same nature; just change the suffix!" I found this sentence on the Internet, so I decisively renamed the .pem file to a .crt file, reconfigured the server, and found that the Android phone no longer prompted!
Certificate format requirements
The certificate you apply for must be a PEM-format certificate for the Linux environment; certificates in other formats are not supported. If you have a certificate in another format, convert it to PEM first; please refer to "Certificate format and conversion method".
If the certificate is issued through the root CA, the certificate you get is the only one, no additional certificate is required, and the configured site can be considered trusted by browsers and other access devices.
If the certificate is issued through an intermediate CA, the certificate file you get contains multiple certificates, and you need to manually merge the server certificate with the intermediate certificate and upload them together.
The concatenation rule is: put the server certificate first and the intermediate certificate second, with no blank lines between them. Note: under normal circumstances, the issuing institution provides corresponding instructions when it issues the certificate; please follow those rules.
Introduction to certificate chain rules
The certificate rules are:
a. It begins and ends with [-----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----]; please upload these lines together with the content;
b. Each line is 64 characters, and the last line should not exceed 64 characters;
2. Certificate chain issued by intermediate institutions:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Certificate Chain Rules:
a. There should be no blank lines between certificates;
b. Each certificate complies with the certificate format rules in point 1;
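An added example, not part of the original post or of Alibaba Cloud's documentation: a Python check of a merged PEM file against the layout rules above (BEGIN/END markers, 64-character lines, no blank lines), which also returns how many certificates the file contains. The function names and the placeholder certificate bodies are constructed for illustration.

```python
import base64

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def check_body(body, end_line):
    """Rule b: 64-character lines (last may be shorter), valid base64."""
    out = []
    for i, (n, line) in enumerate(body):
        short_ok = i == len(body) - 1
        if len(line) > 64 or (len(line) < 64 and not short_ok):
            out.append(f"line {n}: {len(line)} characters, expected 64")
    try:
        base64.b64decode("".join(l for _, l in body), validate=True)
    except ValueError:
        out.append(f"line {end_line}: body is not valid base64")
    return out

def lint_bundle(text):
    """Return (certificate_count, issues) for a PEM bundle."""
    issues, count, body = [], 0, None  # body is a list while inside a block
    for n, line in enumerate(text.strip("\r\n").splitlines(), 1):
        if line == BEGIN:
            if body is not None:
                issues.append(f"line {n}: BEGIN inside an unterminated block")
            body = []
        elif line == END:
            if body is None:
                issues.append(f"line {n}: END without BEGIN")
            else:
                issues.extend(check_body(body, n))
                count += 1
            body = None
        elif not line.strip():
            issues.append(f"line {n}: blank line")
        elif body is None:
            issues.append(f"line {n}: text outside a certificate block")
        else:
            body.append((n, line))
    if body is not None:
        issues.append("missing END marker at end of input")
    return count, issues

def fake_cert(fill):  # constructed placeholder body, not a real certificate
    b64 = base64.b64encode(bytes([fill]) * 100).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END])

GOOD = fake_cert(1) + "\n" + fake_cert(2) + "\n"   # server first, intermediate second
BAD = fake_cert(1) + "\n\n" + fake_cert(2) + "\n"  # blank line between certificates
print(lint_bundle(GOOD), lint_bundle(BAD))
```

A count of 1 on a certificate issued by an intermediate CA means the intermediate was not merged in. The check covers layout only: it does not parse the certificates or confirm that the second certificate issued the first.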
Attached:
SSL Service Test: https://wosign.ssllabs.com/analyze.html
Certificate chain completion website: https://certificatechain.io/ (I don't know how to use it...) I heard that it is "Just paste the last certificate, and he will complete the CA for you".