IE浏览器在XP不支持SNI允许单个服务器的多个证书 [英] IE on XP does not support SNI to permit multiple certificates for single server
问题描述
我一直在寻找了几个小时,以找到一个解决我的问题/问题,而我相信,我已经能够解释,为什么我有问题,我一直无法找到一个解决的原因。
I've been searching for a few hours to find a solution to my question/problem and whilst I believe that I have been able to clarify the reason why I have problems I have been unable to find a resolution.
我有一个托管多个网站和一对夫妇的这些网站都使用SSL证书一台服务器。我有所有的网站,并停止对SSL的网站上的无安全错误的方式来访问某些共享的图像是从服务的 https://www.example-shared-image-server.com/images/imagename.jpg
I have one server which is hosting multiple web sites and a couple of these web sites are using SSL certificates. I have some shared images accessed by all sites and the way to stop the none-secure error on the SSL site was to serve those shared images from https://www.example-shared-image-server.com/images/imagename.jpg
这工作得很好,直到那就是我发现,通过在Windows XP上使用Internet Explorer这是给消息没有与此网站的安全证书有问题。那么,什么我确定的是,它是因为它捡了服务器上的不同域的证书。所有做一台服务器上托管多个网站使用SSL证书。
This worked fine, until that is I noticed that by using Internet Explorer on Windows XP it is giving the message "There is a problem with this website's security certificate". What I then identified is that its because its picking up a certificate for a different domain on the server. Its all to do with hosting multiple sites on one server with SSL certificates.
可以说我有四个站点,只有前两个与SSL证书安装。
Lets say I have four sites with only the first two with SSL certificates installed.
https://www.one.com
https://www.two.com
http://www.three.com
http://www.four.com
和别忘了还有以下内容:
And lets not forget the following:
https://www.example-shared-image-server.com
因此,从它实际上是造就上述共享图片的URL访问图像时 https://www.one.com ,因此错误。
因此,它似乎是与IE浏览器不支持SNI或SSL / TLS在Windows XP或Vista,而这是在Win 7和Win 8这似乎是由M $立即伎俩迫使人们升级到更多的电流的操作系统。但事实是,所有其他的浏览器支持它。
So its seems to be something to do with IE not supporting SNI or SSL/TLS on Windows XP or Vista whereas it is on Win 7 and Win 8. This seems like an immediate ploy by M$ to force people to upgrade to more current operating systems. But the fact is that all other browsers support it.
不过,我一直没能确定是我能做些什么。所以我相信我的问题是,是否有可能使用不同的域在同一台服务器上的SSL主机多个网站,而不会导致IE浏览器显示错误。如果不是,有什么其他的人呢?它是的,我该如何配置呢?
But, what I have not been able to identify is what I can do about it. So I believe my question is, is it possible to host multiple web sites using SSL on the same server on different domains without causing IE to show errors. If not, what do other people do? And it yes, how do I configure it?
我一直在这几个小时,所以如果有人可以帮助,我真的AP preciate它。
I have been on this for hours so if someone could help, I would really appreciate it.
非常感谢,
罗布
推荐答案
Windows XP中的版本SChannel中的不支持SNI,这意味着IE和其他的WinINET / WinHTTP的基于应用程序不支持SNI该平台上。
Windows XP's version of SChannel does not support SNI, which means that IE and other WinINET/WinHTTP-based applications do not support SNI on that platform.
<一个href=\"http://blogs.msdn.com/b/ieinternals/archive/2009/12/07/certificate-name-mismatch-warnings-and-server-name-indication.aspx\">http://blogs.msdn.com/b/ieinternals/archive/2009/12/07/certificate-name-mismatch-warnings-and-server-name-indication.aspx
SNI支持在Windows Vista中引入;如果你没有看到它的平台上工作,很可能是IE浏览器从默认客场重新启用SSL2。的SSLv2兼容握手不携带TLS扩展,如扩展SNI
SNI support was introduced in Windows Vista; if you're not seeing it work on that platform, it's likely that IE was reconfigured away from the defaults to enable SSL2. SSLv2-compatible handshakes do not carry TLS extensions like the SNI extension.
这里唯一真正的解决办法,其一是:
The only real workarounds here are to either:
- 主机上的不同的IP或端口(使服务器可以根据这些信息选择该证书)每个服务器
- 使用包含使用证书的SubjectAltName字段 主机名的多个证书
- Host each server on a different IP or port (so the server can select the certificate based on that information)
- Use a certificate that contains multiple hostnames using the SubjectAltName field of the certificate
这篇关于IE浏览器在XP不支持SNI允许单个服务器的多个证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
