SSL cert“err_cert_authority_invalid”仅在移动chrome上 [英] SSL cert "err_cert_authority_invalid" on mobile chrome only

问题描述

网域： https://www.amz2btc.com

分析来自SSL实验室： https://www.ssllabs.com/ssltest/analyze.html?d= amz2btc.com

Analysis from SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com

我的所有桌面浏览器都打开这个罚款。移动Firefox打开这个罚款。只有当我尝试使用移动Chrome时，我得到了错误： err_cert_authority_invalid

All my desktop browsers open this fine. Mobile Firefox opens this fine. Only when I tried with mobile Chrome did I get the error: err_cert_authority_invalid

我不能真正了解SSL报告或为什么这个错误出现。如果有人可以ELI5，这将是理想的。 ：）

I know very little about SSL, so I can't really make sense of the SSL report or why this error is coming up. If someone could ELI5, that would be ideal. :)

推荐答案

我刚刚在早上处理这个问题。问题不是我有一个证书缺失。这是我有一个额外的。

I just spent the morning dealing with this. The problem wasn't that I had a certificate missing. It was that I had an extra.

我开始使用我的ssl.conf包含我的SSL证书颁发机构提供的服务器密钥和三个文件：

I started out with my ssl.conf containing my server key and three files provided by my SSL certificate authority:

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

#   Server Certificate Chain:
SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem

#   Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem

它在桌面上运行正常，但Android上的Chrome给我 err_cert_authority_invalid

It worked fine on desktops, but Chrome on Android gave me err_cert_authority_invalid

很多头痛，搜索和不好的文档后，我想出这是服务器证书链：

A lot of headaches, searching and poor documentation later, I figured out that it was the Server Certificate Chain:

SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem

强>不完整的证书链。我注释掉了该行，留下了

That was creating a second certificate chain which was incomplete. I commented out that line, leaving me with

#   Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

#   Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

#   Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem

现在它的工作Android再次。这是在Linux上运行Apache 2.2。

and now it's working on Android again. This was on Linux running Apache 2.2.

这篇关于SSL cert“err_cert_authority_invalid”仅在移动chrome上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！