GoDaddy的SSL证书适用于所有浏览器

godady的ssl证书兼容ie5.0+,firefox,opera,chrome,搜狗,百度,360极速,360安全等浏览器,全部为绿色可信赖网址,基本没什么问题。但是今天有个客户安装了以后,除了FireFox浏览器,其他都正常。由于GoDaddy本身也用自己颁发的SSL证书,因此可以肯定不是GoDaddy的SSL证书本身的问题,于网上搜索了一下,找到这篇文章:

http://blog.csdn.net/blade2001/article/details/7619667

nginx做负载均衡,后端为apache,使用godaddy的证书,在IE和Chrome上都没有问题,在firefor上访问时:
sec_error_unknown_issuer

解决:
1.修改apache的http-ssl.conf
SSLCertificateChainFile “/EBS/apache/conf/gd_bundle.crt”
gd_bundle.crt为下载证书时一起下载下来的
2.修改nginx使用的www.mysite.com.crt
从godaddy上下载中间key:
https://certs.godaddy.com/repository/gd_cross_intermediate.crt
cat www.mysite.com.crt gd_intermediate_bundle.crt > mysite_combined.crt
使用这个文件做为nginx 的ssl_certificate

相关:

GoDaddy FireFox Error: sec_error_unknown_issuer


http://nginx.groups.wuyasea.com/articles/how-to-setup-godaddy-ssl-certificate-on-nginx/2
https://certs.godaddy.com/Repository.go

I recently worked with an install of Kerio Mail Server and I installed an SSL certificate issued by Godaddy.  The install went okay, following the Kerio instructions and Internet Explorer worked fine.  My problem was with Firefox.  I kept getting the error “sec_error_unknown issuer”.  Obviously this error means that Firefox was not recognizing the Godddy as a valid certificate issuer.  In short, you may come across this problem if  theGoDaddy Intermediate Certificate is not  installed on your server as well as your SSL certificate you purchased.  The Intermediate Certificate is available for free download at GoDaddy.  It is a universal certificate and it is not custom made for each user.  So what happens is Firefox goes to your site for your SSL certificate, it sees that it does not recognize GoDaddy, so then it asks your server who GoDaddy is and at that point your server will provide the GoDaddy Intermediate Certificate.

In the case of installing it on Kerio Mail Server, you need to download the “Go Daddy Secure Server Certificate (Intermediate Certificate)” and on Linux Systems, place the certificate in opt/kerio/mailserver/sslca. If you browse to that dirctory, you will see that Kerio Mail Server ships with the Verisign, RSA and Thawte Intermediate certificates, but not GoDaddy as well as Comodo or others.

3. Install SSL on NginxGodaddy email you the zip file contains 2 files: www.mysite.com.crt and gd_intermediate_bundle.crt. You need to combine both files into one file, with your domain ssl file on top. so unzip the zip file and combine them.
cat www.mysite.com.crt gd_intermediate_bundle.crt > mysite_combined.crt

If you don’t combine them, browser will not be able to verify certificate authority (CA), and popup dialog or warning messages, which will certainly scare your site visitors away.

Now copy both combined crt and www.mysite.com.key files to your ssl folder on the server, and edit your nginx.conf

server {
listen          443;
server_name     www.mysite.com;

ssl on;
ssl_certificate         /your/ssl/folder/mysite_combined.crt;
ssl_certificate_key     /your/ssl/folder/www.mysite.com.key;

}

then reload the processes to make the change take effect.
/etc/init.d/nginx reload

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据

Copyright © All Rights Reserved · Green Hope Theme by Sivan & schiy · Proudly powered by WordPress