Apache, SSL: UCC does not work on the CN, but works on subjectAltName

I recently generated a UCC

  • domain1.com
  • *.domain1.com
  • domain2.com
  • *.domain2.com

Now when I visit http://domain1.com in Firefox I get:

domain1.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The certificate is only valid for the following names: *.domain1.com , domain2.com , *.domain2.com (Error code: sec_error_unknown_issuer) 

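It complains that the SSL certificate is

  • issued by an untrusted authority – that's fine…
  • and not valid for the domain in question

Here is the text form of my SSL certificate: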

    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 3 (0x3)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=Connecticut, L=Stamford, O=Example, Inc., CN=Example-CA/[email protected]
            Validity
                Not Before: Oct 28 11:26:20 2010 GMT
                Not After : Oct 28 11:26:20 2011 GMT
            Subject: C=US, ST=Connecticut, L=Stamford, O=Example, Inc., CN=domain1.com/[email protected]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (4096 bit)
                    Modulus (4096 bit):
                        00:b8:bf:9a:73:a0:6e:b6:2d:98:97:74:03:fc:76:
                        44:36:1d:e8:e8:49:2c:02:01:45:77:24:fb:cc:37:
                        22:af:8c:41:2d:92:63:74:e3:08:81:59:49:2b:96:
                        22:bd:2e:f9:55:dd:d9:cb:7e:e8:bd:ce:15:24:87:
                        2d:9b:1a:9c:8e:bd:fe:20:99:cf:8c:29:d2:92:af:
                        5f:dc:7e:17:5e:25:e6:c2:bf:70:79:0f:e9:78:74:
                        a4:6c:15:4f:8b:c7:45:11:d0:4c:f0:05:85:cf:c0:
                        bc:37:e5:c7:45:fd:8e:05:37:c1:aa:50:ef:14:ab:
                        55:f9:7d:79:b7:1e:bd:83:bd:cf:59:25:e0:d9:99:
                        17:d7:00:46:8b:86:58:bf:66:1a:77:e0:a6:35:81:
                        45:51:0a:e7:86:f6:40:c7:73:a7:4a:b8:c4:66:5d:
                        dd:8b:9a:0f:8c:48:05:d5:bf:53:bc:e6:5b:60:3c:
                        50:21:a2:2c:e5:e1:15:eb:14:18:3d:f0:80:59:08:
                        74:f8:e7:d5:e9:7d:82:73:f2:f1:dc:e8:d9:7f:46:
                        d5:68:eb:c0:e2:6b:f1:6f:90:c3:af:66:d5:f3:24:
                        93:a1:9f:bd:a9:62:c9:0a:76:8e:b4:a1:28:4e:b7:
                        09:e3:90:99:44:4d:3e:4d:89:ec:7c:7f:ac:b5:77:
                        e3:8d:af:e3:da:09:98:51:09:bf:76:ac:d9:1a:34:
                        0c:4c:3c:43:eb:47:d6:b7:ed:d4:42:35:09:a0:b2:
                        98:3f:ad:b7:d1:49:4d:df:72:07:48:6c:3e:df:67:
                        6a:48:14:4b:0c:d4:48:37:a5:c8:f6:7b:4d:d3:01:
                        3f:32:e8:a9:ef:92:55:cb:24:25:9f:c0:98:53:d2:
                        0b:fa:30:3d:3d:c5:9d:90:cd:bf:c8:01:d3:7a:c2:
                        3a:78:b7:db:eb:c2:ee:de:bc:5c:c4:74:af:5a:23:
                        08:e5:8c:df:ec:0d:f1:b3:7a:86:88:99:17:e8:d9:
                        81:b2:3c:eb:40:d9:b3:09:82:5b:e0:fa:84:68:ed:
                        c6:2c:c9:59:93:c3:f8:80:70:67:1f:6c:f8:3c:25:
                        63:95:ee:de:e2:ba:92:34:b0:f8:a1:53:5b:22:d9:
                        f3:d3:4c:1a:91:12:e6:0d:af:e3:99:3a:29:d0:ba:
                        57:d3:08:3d:a1:2f:91:61:a2:86:f6:f8:33:61:dc:
                        da:39:82:03:25:f3:88:5a:8a:88:e3:be:5e:78:1b:
                        c2:74:a4:c8:0f:66:18:2a:1e:a0:a9:ac:1c:71:50:
                        81:b5:6e:d4:2a:c3:b6:bd:85:ea:ef:72:3d:76:08:
                        79:d5:59:6a:b4:f2:54:33:61:76:49:13:93:95:e5:
                        86:2a:c7
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    3F:40:13:7E:25:04:0A:B9:0F:5F:DE:5E:9D:55:94:10:EE:F2:2B:B0
                X509v3 Authority Key Identifier:
                    keyid:8E:C4:D5:F3:69:12:A9:75:DA:0D:9B:59:11:C8:DE:53:67:C0:DA:1B
                X509v3 Key Usage:
                    Digital Signature, Non Repudiation, Key Encipherment
                X509v3 Subject Alternative Name:
                    DNS:*.domain1.com, DNS:domain2.com, DNS:*.domain2.com
        Signature Algorithm: sha1WithRSAEncryption
            20:cd:15:09:9a:0b:7b:90:bd:db:83:fd:21:15:9a:32:21:8e:
            98:42:28:63:8b:fe:9c:36:73:9e:2f:2c:87:af:a4:0d:01:06:
            f4:5e:c1:76:d9:3b:ab:85:90:87:8e:8a:63:a8:d8:49:82:98:
            a3:4b:4e:dc:fe:4f:af:6e:86:4c:64:55:74:ca:cd:7b:db:4a:
            b8:b0:ad:f5:75:c3:92:da:a7:2c:72:d0:dd:2e:0b:78:85:91:
            03:fd:51:40:df:58:02:c1:ab:c8:5d:09:4a:7c:15:e3:ec:30:
            13:ea:b3:26:bc:56:a2:66:a0:5d:d7:26:9c:f9:24:47:a7:55:
            15:5f:8a:d0:02:92:fd:f9:4d:40:74:7a:c1:a5:85:bc:83:ff:
            c5:d7:1d:97:48:e3:58:c6:c3:b9:ba:65:f7:ba:c8:db:86:13:
            32:48:42:fe:cf:07:58:47:3d:66:bd:87:c2:40:86:1b:3b:82:
            01:e1:57:7f:04:89:9c:45:2e:d9:7c:ae:cf:4f:87:50:0a:f0:
            ff:f6:b3:c1:ce:24:21:1c:2f:3c:62:80:a6:5d:3b:61:6c:b7:
            e4:22:c0:ed:a5:07:c5:a9:ad:e5:26:24:f2:d0:29:3e:b7:dc:
            b6:3a:2c:76:ee:a5:8e:ba:cf:bf:65:b3:40:93:9f:ad:82:1b:
            b2:d6:28:4c:2c:6b:3c:db:da:5f:73:20:3d:1b:59:13:93:de:
            cd:03:df:e8:fa:13:1f:9d:30:99:83:0b:12:60:63:65:64:d8:
            1e:3f:7e:4b:3a:fe:e4:19:db:55:f5:95:cc:77:f6:64:5b:53:
            4b:d0:e0:30:35:91:81:b8:65:2d:81:4e:1f:aa:c8:b3:d2:d8:
            7d:85:47:49:1d:a5:bc:65:16:a5:bb:3e:ea:12:f4:70:e7:11:
            59:52:d8:2b:5d:4e:14:5f:d3:ae:45:69:17:61:bc:43:dc:9a:
            03:c2:8b:79:f3:39:f4:a4:7f:f7:3c:c5:b7:9e:df:52:1b:41:
            8d:c4:5e:bf:5e:17:3e:c8:07:6f:35:47:a4:32:0f:8d:cc:ad:
            45:0e:72:a5:74:0d:08:64:cf:da:79:cb:e2:c5:73:78:ff:f6:
            fc:c8:b3:d2:88:ea:03:10:36:eb:d5:79:d6:97:99:17:cd:e3:
            17:cc:2a:27:0f:ff:41:84:8e:38:f0:b0:c2:7d:cb:b2:a1:40:
            af:74:98:fb:87:15:53:68:24:39:cb:8e:63:cf:c0:56:b3:7c:
            2f:39:5e:bd:6e:cf:5a:43:37:f6:20:db:34:65:48:8f:0e:49:
            6c:66:a5:a5:70:2f:09:d6:0f:ed:f8:86:a2:17:67:2b:fe:d3:
            aa:7b:56:7d:63:c3:17:a0

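You need to include domain1.com as a subject alternative name. If subject alternative names are present, most browsers will ignore the common name in the subject. That is why Firefox considers the certificate invalid for https://domain1.com.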
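
The name-matching rule behind this answer, as an added Python example that is not part of the original question or answer. It is a simplified model of RFC 2818 section 3.1 (dNSName entries only, wildcard only as the whole leftmost label); the function names are illustrative and the name lists are copied from the certificate dump above.

```python
# Simplified illustration of client-side hostname checking; the function
# names are hypothetical and this is not a browser or OpenSSL API.

def dns_name_matches(pattern, host):
    """Compare one dNSName against a hostname, label by label.

    A leading "*" stands for exactly one label, so "*.domain1.com"
    covers "www.domain1.com" but not the bare "domain1.com".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def names_checked(common_name, san_dns):
    """Names the client compares against: the SAN dNSName entries if any
    exist, otherwise the subject CN (the CN is only a fallback)."""
    return list(san_dns) if san_dns else [common_name]


def valid_for(host, common_name, san_dns):
    """True if any name the client checks matches the requested host."""
    return any(dns_name_matches(name, host)
               for name in names_checked(common_name, san_dns))


# Names taken from the certificate in the question.
CN = "domain1.com"
SAN_ISSUED = ["*.domain1.com", "domain2.com", "*.domain2.com"]
# Reissued certificate with the bare domain added, as the answer advises.
SAN_FIXED = ["domain1.com"] + SAN_ISSUED


def report(san_dns):
    """Validity of a few sample hostnames for a given SAN list."""
    hosts = ["domain1.com", "www.domain1.com", "domain2.com", "a.b.domain2.com"]
    return {h: valid_for(h, CN, san_dns) for h in hosts}


if __name__ == "__main__":
    for label, san in (("issued", SAN_ISSUED), ("fixed", SAN_FIXED)):
        print(label, report(san))
```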