站点使用了 ssl 后，用 chrome 无法访问了，用 safari 访问正常，求解

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

这是一个创建于 3765 天前的主题，其中的信息可能已经有所发展或是发生改变。

服务器检查没有问题

DNS resolves 's.domain.com' to （ip）
SSL certificate

Common Name = s.domain.com
Subject Alternative Names = s.domain.com, www.s.domain.com
Issuer = COMODO RSA Domain Validation Secure Server CA
Serial Number = E78D5F18BFCA4F674DB92E0FDA4E031D370
SHA1 Thumbprint = 61010A635E84922318663E30407E7DF8FAC25CF68A00C
Key Length = 2048 bit
Signature algorithm = SHA256 + RSA (excellent)
Secure Renegotiation: Supported
This certificate does not use a vulnerable Debian key (this is good)

SSL Certificate has not been revoked

OCSP Staple:
OCSP Origin:
CRL Status:

SSL Certificate expiration
The certificate expires August 3, 2015 (364 days from today)
Certificate Name matches s.domain.com
Subject s.domain.com
Valid from 03/Aug/2014 to 03/Aug/2015
Issuer COMODO RSA Domain Validation Secure Server CA
SSL Certificate is correctly installed

Congratulations! This certificate is correctly installed.

用safari访问也正常，但用chrome访问就是一个禁止访问的的界面，提示`this certificate was signed by an untrusted issuer`，求解！

SSL

issuer

rsa

12 条回复 • 2014-08-05 17:07:30 +08:00

fuxkcsdn

2014-08-05 02:34:20 +08:00

用的是自签名的证书？？
Windows下需要导入CA证书到受信任的根证书发布机构

ine181x

2014-08-05 06:03:59 +08:00 via iPhone

信任链？

DreaMQ

2014-08-05 06:26:06 +08:00 via Android

地址贴出来试试？

stevegy

2014-08-05 06:41:51 +08:00

chrome可能认为COMODO RSA Domain Validation Secure Server CA 是 "this certificate was signed by an untrusted issuer"
更新一下chrome的版本试试，貌似这个CA有点问题。。。https://ssl-tools.net/certificates/135zw4l-comodo-rsa-domain-validation-secure-server
Not valid before:
2014-02-12 00:00:00 UTC
Not valid after:
2029-02-11 23:59:59 UTC

2-12才开始有效的。。。