我在服务器上安装了以下文章。
我从comodo positiveSSL获得了3个中级证书
AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt
我创build了一个文件PositiveSSL.ca-bundle
:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle
我为node.js和caldavd安装了相同的文件。 但是,当我跑步
openssl s_client -host node.js.com -port 3443 -CAfile file
我得到:
--- Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=example.com i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority --- Server certificate -----BEGIN CERTIFICATE-----
但是当我反对caldavd,我得到
openssl s_client -host caldavd.com -port 8443 -CAfile file
我得到:
CONNECTED(00000003) 140735312184144:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
然后,如果我从caldav中删除了中间证书,并且:
openssl s_client -host caldavd.com -port 8443 -CAfile file
我得到:
--- Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=example.com i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA --- Server certificate
你能解释一下发生了什么吗?