curl 证书报警的问题,浏览器正常。

2013-03-08 15:35:27 +08:00
 cloudzhou
我从 http://www.v2ex.com/t/37139 这个帖子获悉ssl证书的购买和评分方式。

不过我这边遇到一些奇怪的问题,我购买的是:
http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates/rapidssl-certificate.aspx 证书,用在 https://www.gitshell.com/,评分也没有问题 https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.gitshell.com%2F

我发现的问题是,在我自己小米手机上,提示gitshell ssl证书不被认证,而godaddy的一些证书反而没有问题,还有,通过 curl 工具,发现也有小小不一样,比如:

> cloudzhou@cloudzhou:~$ curl https://www.paomi.com/|head
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
10<html xmlns="http://www.w3.org/1999/xhtml">
0<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
1 <title> 泡米网 - 好域名,赢未来 </title>
2 <meta content="no" http-equiv="imagetoolbar" />
... 立刻能显示内容

而访问 gitshell
> cloudzhou@cloudzhou:~$ curl https://www.gitshell.com/|head
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

nginx相关配置:
server {
listen 443;
server_name www.gitshell.com;

ssl on;
ssl_certificate ...gitshell.crt;
ssl_certificate_key ...gitshell.key;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 15m;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

电脑版本的浏览器 firefox chrome 没有问题。
我在想是不是有什么地方我还没有做好?
能给我一些建议吗?
7118 次点击
所在节点    SSL
0 条回复

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/62328

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX