简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Q&A  >  body text

nginx - ssl encrypted access certificate not trusted

I purchased a new commercial SSL certificate, but after configuring it, it keeps showing that the link is not trusted.
Please give me some advice to describe the problem better. Posting the URL is not advertising, I hope someone can give me some advice.
The following is the configuration file of nginx,
https://www.domain.com

server {

    listen 443;
    server_name www.domain.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root  /var/www;

    include yb.conf;
    #error_page   404   /404.html;
    location ~ [^/]\.php(/|$)
    {
        # comment try_files $uri =404; to enable pathinfo
        try_files $uri =404;
        fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
        #include pathinfo.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
    }

    access_log  /var/wwwlogs/www.
domain.com.log  access;

    ssl on; 
    ssl_certificate /var/www/conf/
domain.crt; 
    ssl_certificate_key /var/www/conf/server.key;
}

I hope you can help me figure out what the problem is. When I tested it under Firefox, it always showed that the link was not trusted, and under IE, it showed that the connection was not encrypted.

I already want to die, wipe

怪我咯怪我咯2712 days ago814

reply all(4)I'll reply

  • ringa_lee

    ringa_lee2017-05-16 17:29:12

    Firefox 28 on Linux has normal access. Check the certificate details (click the arrow below and there is an option to view the certificate in "Add Exception"). Has your certificate been replaced?

    reply
    0
  • 淡淡烟草味

    淡淡烟草味2017-05-16 17:29:12

    1. The Comodo certificate is really average
    2. This is not a problem with Firefox, it’s because your certificate chain is not done properly.
    3. Add the intermediate certificate and it will be OK.

    Demo: https://yusky.me
    If you still don’t understand, you can leave a message on my blog

    reply
    0
  • 習慣沉默

    習慣沉默2017-05-16 17:29:12

    Click the link below to test and you will know where the problem is:
    https://www.ssllabs.com/ssltest/analyze.html?d=wuaidu.com

    Look at the Certification Paths, the Extra downloads shown are all the intermediate certificates you are missing, and you need to cat them with your own certificates.

    Of course, there are many other problems, just read the test report yourself.

    The last one is attached. Your certificate is signed with SHA256, which will cause all XP SP2 and below systems to be unable to access normally with IE and Chrome (if you don’t care about such users, there will be no problem, or you can let them install Firefox).

    reply
    0
  • 我想大声告诉你

    我想大声告诉你2017-05-16 17:29:12

    Firefox needs to add a public certificate to the certificate you generate

    reply
    0
  • Cancelreply