SSL_ERROR_BAD_CERT_DOMAIN
[英]SSL_ERROR_BAD_CERT_DOMAIN
问题描述
SSL certificate is valid only for website without www 
SSL证书仅对没有www的网站有效
I set my site with SSL certificate. 我将网站设置为SSL证书。 It is on posidonia.ga but if I connect then Firefox shows this warning: ""Websites guarantee their identity through certificates. 它位于posidonia.ga上,但是如果我连接,则Firefox将显示以下警告:“”网站通过证书保证其身份。 Firefox does not consider this site reliable as it uses a certificate that is not valid for www.posidonia.ga. Firefox认为此站点不可靠,因为它使用的证书对www.posidonia.ga无效。 The certificate is valid only for posidonia.ga. 该证书仅对posidonia.ga有效。
Error code: SSL_ERROR_BAD_CERT_DOMAIN"" 错误代码:SSL_ERROR_BAD_CERT_DOMAIN“”
So how could I connect to https://www.posidonia.ga if my SSL certificate is valid only for posidonia.ga (without www)? 那么,如果我的SSL证书仅对posidonia.ga有效(不带www),我如何连接到https://www.posidonia.ga ?
I've read I could solve adding these lines to .htaccess: 我读过我可以解决将这些行添加到.htaccess的问题:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
But the problem is still there. 但是问题仍然存在。
Please help, thanks. 请帮忙,谢谢。
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
I expect connecting https://www.posidonia.ga without warning: SSL_ERROR_BAD_CERT_DOMAIN 我希望在没有警告的情况下连接https://www.posidonia.ga:SSL_ERROR_BAD_CERT_DOMAIN
1 个解决方案
解决方案1
1 2019-07-18 14:57:07
You have two problems: 您有两个问题:
1) your certificate is only for posidonia.ga hence it will never cover www.posidonia.ga and any HTTPS connection to that hostname with this certificate will get rejected by clients due to name mismatch. 1)您的证书仅用于posidonia.ga因此它将永远不会覆盖www.posidonia.ga并且由于名称不匹配,客户端将拒绝使用该证书的该主机名的任何HTTPS连接。 You need a new certificate having either www.posidonia.ga or *.posidonia.ga as a SAN (Subject Alternative Name), alongside the current posidonia.ga . 您需要带有当前posidonia.ga同时具有www.posidonia.ga或*.posidonia.ga作为SAN(主题备用名称)的新证书。 You need to generate a new certificate for this goal, you can not just "update" the current one. 您需要为此目标生成一个新证书,而不仅仅是“更新”当前证书。
2) Your certificate is issued by 2)您的证书由
E = support@cacert.org
CN = CA Cert Signing Authority
OU = http://www.cacert.org
O = Root CA
This is a CA that is not included by default in browsers (see http://wiki.cacert.org/InclusionStatus for full list on where it is included by default or not), hence they reject your certificate as unknown issuer. 这是一个默认不包含在浏览器中的CA(有关默认包含或不包含该证书的完整列表,请参见http://wiki.cacert.org/InclusionStatus ),因此它们拒绝您作为未知发行者的证书。
To add the CA in browsers, have a look at http://wiki.cacert.org/FAQ/ImportRootCert and http://wiki.cacert.org/FAQ/BrowserClients depending on your needs. 要在浏览器中添加CA, 请根据需要查看http://wiki.cacert.org/FAQ/ImportRootCert和http://wiki.cacert.org/FAQ/BrowserClients 。
It can be as simple as http://www.cacert.org/index.php?id=3 and accepting the prompts, or more complicated depending on your OS/browser/setup/policies. 它可以简单到http://www.cacert.org/index.php?id=3并接受提示,也可以更复杂,具体取决于您的OS / browser / setup / policies。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.