EC2负载均衡机 - 安装CA捆绑SSL /中级证书 [英] EC2 Load Balancer - installing CA Bundle SSL / intermediate certificate

问题描述

我使用EC2负载均衡器处理HTTPS请求。对于Chrome浏览器和Safari浏览器，具有负载均衡协议设定的HTTPS口岸443与该SSL证书正确处理大部分的流量。从Safari浏览器和放大器HTTPS请求; Chrome浏览器的罚款。然而，在Firefox中，我得到的连接是不安全的。（错误code：sec_error_unknown_issuer）在一个证书检查检查，我得到

I am using the EC2 Load Balancer to handle HTTPS requests. For Chrome & Safari, having the Load Balancer Protocol set HTTPs at Port 443 with the the SSL cert handles most traffic correctly. HTTPS requests from Safari & Chrome are fine. However in Firefox, I get the connection is insecure "(Error code: sec_error_unknown_issuer)." In checking with a cert checker, I get

该证书不是由受信任的机构签署（核对   Mozilla的根存储）。如果你从一个值得信赖的购买凭证   权威，你可能只需要安装一个或多个中间   证书。

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates.

在我的证书提供商说话，我得到的信息是：

In talking with my cert provider, the information I got was :

我们可以看到证书已在服务器上安装不当。   有一个在服务器上没有CA捆绑，这就是为什么浏览器可能显示   警告信息。

As we can see certificate has been installed improperly at the server. There is no CA bundle at the server that is why browsers may show warning messages.

你如何安装CA捆绑？

推荐答案

该解决方案是将ca_bundle添加到您的load_balancer证书链

The solution is to add the ca_bundle to your load_balancer under "Certificate Chain"

这篇关于EC2负载均衡机 - 安装CA捆绑SSL /中级证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！