“独立”网络应用中的SSL sec_error,完整浏览器正常
[英]SSL sec_error in 'standalone' web app, full browser ok
问题描述
I have set up a local webserver in a virtual machine for testing firefox web apps. 
我已经在虚拟机中设置了本地Web服务器,以测试firefox Web应用程序。 That server has also been setup as certificate authority to avoid the 'risk messages' for local testing, and i signed a certificate for the webserver. 该服务器还被设置为证书颁发机构,以避免本地测试的“风险消息”,并且我为Web服务器签署了证书。
So, calling the web app in firefox displays no more warnings. 因此,在firefox中调用Web应用程序不会再显示警告。
Installing the web app as 'standalone' still displays an alert (messagebox): 将Web应用安装为“独立”状态仍会显示警报(消息框):
The certificate is not trusted because no certificate issuer chain was provided.
Dem Zertifikat wird nicht vertraut, weil keine Zertifikatsausstellerkette angegeben wurde.
I am using Apache2.2 and Openssl on debian_wheezy_64 and i think i have done everything allright, can't figure out what the standalone web app is missing with that ssl error message. 我在debian_wheezy_64上使用Apache2.2和Openssl,我认为我已经做了所有事情,无法弄清楚该ssl错误消息缺少的独立Web应用程序是什么。
Update: As it seems that the standalone web app environment does not know anything about the firefox browser certificates(chain), i configured the webserver (mod_ssl virtualhost) to provide a direct chain to the (self)root ca: 更新:似乎独立的Web应用程序环境对firefox浏览器证书(链)一无所知,因此我将Web服务器(mod_ssl虚拟主机)配置为提供到(自)根ca的直接链:
SSLCertificateChainFile /path_to/ca.crt
Now the problem is, that because maybe the standalone environment does not know the certificate authorities added to firefox, the sec_error know says 现在的问题是,因为可能独立环境不知道添加到Firefox的证书颁发机构,所以sec_error知道说
The certificate is not trusted because the issuer certificate is not trusted
I think it makes sense (or no sense...) if the standalone environment has an own certificate management, so the question is, how to tell the standalone environment that i trust the (self)root ca. 我认为如果独立环境具有自己的证书管理是有道理的(或没有道理...),所以问题是,如何告诉独立环境我信任(自)根ca。
1 个解决方案
解决方案1
0 2013-12-26 18:42:11
You need to configure the standalone environment with a default trusted certificate chain - "The certificate is not trusted because no certificate issuer chain was provided " 您需要使用默认的受信任证书链配置独立环境-“证书不受信任,因为未提供证书颁发者链 ”
When you install Firefox, it comes preconfigured with a set of certificates that it trusts by default. 当您安装Firefox时,它预先配置了一组默认信任的证书。 Any certificates whose signature chain terminates at the top with one of these preconfigured certificates will be automatically trusted. 签名链在这些预配置证书之一中位于顶部的任何证书将被自动信任。 For instance, I use opera on windows and by default it trusts a whole host of certificate authorities: 例如,我在Windows上使用Opera,默认情况下,它信任整个证书颁发机构:
You probably need to configure your standalone environment with a list of default trusted certificate authorities. 您可能需要使用默认的受信任证书颁发机构列表配置独立环境。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.