本文介绍了SSL 证书“err_cert_authority_invalid"仅在移动 chrome 上的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

域:https://www.amz2btc.com

来自 SSL 实验室的分析:https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com

Analysis from SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com

我所有的桌面浏览器都可以正常打开.移动火狐打开这个很好.只有当我尝试使用移动 Chrome 时,我才收到错误:err_cert_authority_invalid

All my desktop browsers open this fine. Mobile Firefox opens this fine. Only when I tried with mobile Chrome did I get the error: err_cert_authority_invalid

我对 SSL 知之甚少,因此我无法真正理解 SSL 报告或为什么会出现此错误.如果有人可以 ELI5,那将是理想的.:)

I know very little about SSL, so I can't really make sense of the SSL report or why this error is coming up. If someone could ELI5, that would be ideal. :)

推荐答案

我刚刚花了一个上午的时间来处理这个问题.问题不在于我缺少证书.那是我有一个额外的.

I just spent the morning dealing with this. The problem wasn't that I had a certificate missing. It was that I had an extra.

我开始使用我的 ssl.conf,其中包含我的服务器密钥和我的 SSL 证书颁发机构提供的三个文件:

I started out with my ssl.conf containing my server key and three files provided by my SSL certificate authority:

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

#   Server Certificate Chain:
SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem

#   Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem

它在台式机上运行良好,但 Android 上的 Chrome 给了我 err_cert_authority_invalid

It worked fine on desktops, but Chrome on Android gave me err_cert_authority_invalid

后来很多头疼,搜索和糟糕的文档,我发现它是服务器证书链:

A lot of headaches, searching and poor documentation later, I figured out that it was the Server Certificate Chain:

SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem

那是在创建一个不完整的第二个证书链.我注释掉了那行,留下了

That was creating a second certificate chain which was incomplete. I commented out that line, leaving me with

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

#   Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem

现在它又可以在 Android 上运行了.这是在运行 Apache 2.2 的 Linux 上.

and now it's working on Android again. This was on Linux running Apache 2.2.

这篇关于SSL 证书“err_cert_authority_invalid"仅在移动 chrome 上的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-05 23:35