.net 谷歌显示SSL错误消息
我的客户从谷歌那里得到以下信息 站点主机名与SSL证书使用者名称不匹配 我们注意到,您站点的主机名与SSL证书中的任何“使用者名称”都不匹配,它们是: secured.meusite.com 因此,许多web浏览器会阻止用户访问您的网站,或者在访问您的网站时显示安全警告消息。 建议的行动 若要更正此问题,请由证书颁发机构(CA)获取一个新的SSL证书,该证书具有与主机名匹配的“使用者名称”或“使用者替代DNS名称” 我注意到,我可以向证书添加替代名称,但是此url不使用SSL。这是因为用户正在输入“s” 我需要做什么来停止谷歌发送警报消息.net 谷歌显示SSL错误消息,.net,ssl,windows-server-2008,.net,Ssl,Windows Server 2008,我的客户从谷歌那里得到以下信息 站点主机名与SSL证书使用者名称不匹配 我们注意到,您站点的主机名与SSL证书中的任何“使用者名称”都不匹配,它们是: secured.meusite.com 因此,许多web浏览器会阻止用户访问您的网站,或者在访问您的网站时显示安全警告消息。 建议的行动 若要更正此问题,请由证书颁发机构(CA)获取一个新的SSL证书,该证书具有与主机名匹配的“使用者名称”或“使用者替代DNS名称” 我注意到,我可以向证书添加替代名称,但是此url不使用SSL。这是因为用户正在输
Windows Server 2008,IIS 7 e.NET 3.5您可以在web.config文件中配置HTTPS连接以重定向到HTTP 但是,SSL证书的存在表明站点上可能存在值得保护的内容。如果是这样的话,更好的方法是添加主题替代名称,并从HTTP重定向到HTTPS 您可以将以下内容添加到web.config以从HTTP重定向到HTTPS(并在该代码段中反向提及HTTP和HTTPS,以实现另一个方向)
您可以在web.config文件中配置HTTPS连接以重定向到HTTP 但是,SSL证书的存在表明站点上可能存在值得保护的内容。如果是这样的话,更好的方法是添加主题替代名称,并从HTTP重定向到HTTPS 您可以将以下内容添加到web.config以从HTTP重定向到HTTPS(并在该代码段中反向提及HTTP和HTTPS,以实现另一个方向)
我认为Eric J.遇到了重定向问题。从OpenSSL的_客户端,这里是您的证书的问题
- 主题:CN=www.parkingcrew.com…-不要将CN用于DNS名称
完全错了www.parkingcrew.com- 缺少SAN:
abc.meusite.com
secured.meusite.comwwwmeusite.comwww.meusite.comabc.meusite.comsecured.meusite.com
s\u客户端的输出:
$ echo | openssl s_client -connect abc.meusite.com:443 -servername abc.meusite.com 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:29:f1:07:8e:b3:c6:7f:68:89:fd:3c:e4:29:32:83
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., OU=Domain Validated SSL, CN=Thawte DV SSL CA
Validity
Not Before: Apr 10 00:00:00 2014 GMT
Not After : Jul 1 23:59:59 2017 GMT
Subject: OU=Go to https://www.thawte.com/repository/index.html, OU=Thawte SSL123 certificate, OU=Domain Validated, CN=www.parkingcrew.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:ef:c5:98:53:37:92:91:90:12:4f:46:0f:45:
a2:85:85:e7:27:cb:97:4f:2d:84:f6:0c:7a:9e:71:
06:d5:14:3d:43:55:b4:9f:4e:f9:11:9b:49:ec:74:
df:08:0b:30:2a:17:95:03:93:43:47:59:5f:ba:02:
00:0f:9c:b0:89:76:4e:4e:07:b5:59:42:f7:83:1f:
25:63:5c:b3:1e:60:77:f9:73:95:06:b8:d7:6c:b7:
01:e3:49:e3:02:6b:09:b1:74:e7:39:2a:0e:24:86:
f9:2d:39:0a:7a:06:e2:7c:80:ce:f6:67:5a:e6:13:
77:a9:1c:d5:c6:76:b8:6b:cd:7b:1c:2a:73:f4:80:
68:69:06:5b:e7:0a:83:0d:fc:97:ce:f7:17:55:ed:
32:cc:fd:ea:ad:8d:82:0f:dd:d4:b2:99:6d:9a:5f:
a6:ef:7b:b4:62:eb:3e:3a:b7:43:e6:d7:59:dd:f1:
59:e6:87:95:ea:25:80:29:90:58:6e:d1:61:55:e2:
03:ba:47:f9:b1:f9:18:a5:47:8e:69:77:b1:39:dc:
73:24:28:1b:95:c3:db:2d:2c:f6:ca:8c:7f:71:9b:
b0:db:bf:46:17:90:db:49:38:d4:24:c2:c1:e9:44:
a2:ba:a0:8e:1a:4f:a4:e5:f8:af:3c:77:c5:1b:38:
8d:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.parkingcrew.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://svr-dv-crl.thawte.com/ThawteDV.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.54
CPS: https://www.thawte.com/cps
X509v3 Authority Key Identifier:
keyid:AB:44:E4:5D:EC:83:C7:D9:C0:85:9F:F7:E1:C6:97:90:B0:8C:3F:98
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
CA Issuers - URI:http://svr-dv-aia.thawte.com/ThawteDV.cer
Signature Algorithm: sha1WithRSAEncryption
8d:1e:d9:92:2d:1f:b3:aa:61:d2:3b:31:ac:ec:de:18:18:4e:
cb:52:13:f9:b7:ff:bc:95:8d:67:6d:3e:e7:3f:78:7f:2c:13:
a8:9e:04:91:8b:40:47:db:38:60:5d:48:e1:1f:49:ad:20:6e:
5c:51:05:ad:61:dc:dd:10:7a:61:d5:dd:ef:66:8b:5f:cb:5c:
2b:b9:8a:ed:dd:4b:c2:14:b2:b0:4b:6e:64:c1:09:8e:2e:aa:
80:b1:56:32:1c:d3:bd:94:30:18:16:c9:c0:7e:5c:c7:f0:ee:
05:60:77:eb:ff:81:98:ff:8d:d6:f9:95:40:9e:0a:da:8b:d3:
64:2c:80:55:4d:d1:a1:06:e9:58:02:32:02:96:d4:ba:b9:12:
11:06:0a:1d:d9:ca:76:95:a5:b0:c9:86:21:8a:41:cf:d9:8a:
11:57:5d:da:cd:3c:27:19:93:b2:50:1d:ed:fb:74:57:0e:32:
58:5d:5e:72:6d:13:5a:81:2a:ce:2e:bf:8c:d1:18:64:0d:e4:
c1:98:33:4e:28:46:3a:84:d2:fd:5e:0b:ff:dc:ac:f6:69:a9:
06:ec:83:bc:75:d1:51:da:14:ca:12:a1:d4:1a:9a:9d:05:da:
5b:4c:ec:64:62:c3:43:38:35:3e:30:2d:25:90:8a:4f:5a:d5:
cd:e0:13:7d
我想Eric J.遇到了重定向问题。从OpenSSL的_客户端,这里是您的证书的问题
- 主题:CN=www.parkingcrew.com…-不要将CN用于DNS名称
www.parkingcrew.com
完全错了- 缺少SAN:
abc.meusite.com
显然,您的证书还应该具有作为SAN的secured.meusite.com
因此,您的证书应该至少有三个SAN。你也可以在wwwwww
上回答,所以选四个。(除删除DNS CN和不正确的DNS名称外)
meusite.com
www.meusite.com
abc.meusite.com
secured.meusite.com
以下是s\u客户端的输出:
$ echo | openssl s_client -connect abc.meusite.com:443 -servername abc.meusite.com 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:29:f1:07:8e:b3:c6:7f:68:89:fd:3c:e4:29:32:83
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., OU=Domain Validated SSL, CN=Thawte DV SSL CA
Validity
Not Before: Apr 10 00:00:00 2014 GMT
Not After : Jul 1 23:59:59 2017 GMT
Subject: OU=Go to https://www.thawte.com/repository/index.html, OU=Thawte SSL123 certificate, OU=Domain Validated, CN=www.parkingcrew.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:ef:c5:98:53:37:92:91:90:12:4f:46:0f:45:
a2:85:85:e7:27:cb:97:4f:2d:84:f6:0c:7a:9e:71:
06:d5:14:3d:43:55:b4:9f:4e:f9:11:9b:49:ec:74:
df:08:0b:30:2a:17:95:03:93:43:47:59:5f:ba:02:
00:0f:9c:b0:89:76:4e:4e:07:b5:59:42:f7:83:1f:
25:63:5c:b3:1e:60:77:f9:73:95:06:b8:d7:6c:b7:
01:e3:49:e3:02:6b:09:b1:74:e7:39:2a:0e:24:86:
f9:2d:39:0a:7a:06:e2:7c:80:ce:f6:67:5a:e6:13:
77:a9:1c:d5:c6:76:b8:6b:cd:7b:1c:2a:73:f4:80:
68:69:06:5b:e7:0a:83:0d:fc:97:ce:f7:17:55:ed:
32:cc:fd:ea:ad:8d:82:0f:dd:d4:b2:99:6d:9a:5f:
a6:ef:7b:b4:62:eb:3e:3a:b7:43:e6:d7:59:dd:f1:
59:e6:87:95:ea:25:80:29:90:58:6e:d1:61:55:e2:
03:ba:47:f9:b1:f9:18:a5:47:8e:69:77:b1:39:dc:
73:24:28:1b:95:c3:db:2d:2c:f6:ca:8c:7f:71:9b:
b0:db:bf:46:17:90:db:49:38:d4:24:c2:c1:e9:44:
a2:ba:a0:8e:1a:4f:a4:e5:f8:af:3c:77:c5:1b:38:
8d:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.parkingcrew.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 CRL Distribution Points:
Full Name:
URI:http://svr-dv-crl.thawte.com/ThawteDV.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.54
CPS: https://www.thawte.com/cps
X509v3 Authority Key Identifier:
keyid:AB:44:E4:5D:EC:83:C7:D9:C0:85:9F:F7:E1:C6:97:90:B0:8C:3F:98
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
CA Issuers - URI:http://svr-dv-aia.thawte.com/ThawteDV.cer
Signature Algorithm: sha1WithRSAEncryption
8d:1e:d9:92:2d:1f:b3:aa:61:d2:3b:31:ac:ec:de:18:18:4e:
cb:52:13:f9:b7:ff:bc:95:8d:67:6d:3e:e7:3f:78:7f:2c:13:
a8:9e:04:91:8b:40:47:db:38:60:5d:48:e1:1f:49:ad:20:6e:
5c:51:05:ad:61:dc:dd:10:7a:61:d5:dd:ef:66:8b:5f:cb:5c:
2b:b9:8a:ed:dd:4b:c2:14:b2:b0:4b:6e:64:c1:09:8e:2e:aa:
80:b1:56:32:1c:d3:bd:94:30:18:16:c9:c0:7e:5c:c7:f0:ee:
05:60:77:eb:ff:81:98:ff:8d:d6:f9:95:40:9e:0a:da:8b:d3:
64:2c:80:55:4d:d1:a1:06:e9:58:02:32:02:96:d4:ba:b9:12:
11:06:0a:1d:d9:ca:76:95:a5:b0:c9:86:21:8a:41:cf:d9:8a:
11:57:5d:da:cd:3c:27:19:93:b2:50:1d:ed:fb:74:57:0e:32:
58:5d:5e:72:6d:13:5a:81:2a:ce:2e:bf:8c:d1:18:64:0d:e4:
c1:98:33:4e:28:46:3a:84:d2:fd:5e:0b:ff:dc:ac:f6:69:a9:
06:ec:83:bc:75:d1:51:da:14:ca:12:a1:d4:1a:9a:9d:05:da:
5b:4c:ec:64:62:c3:43:38:35:3e:30:2d:25:90:8a:4f:5a:d5:
cd:e0:13:7d
之所以会出现这个错误,是因为几天之后,谷歌就开始尝试是否所有在谷歌网站管理员工具中注册的网站都存在SSL版本
如果您在同一IP上托管SSL和非SSL站点,并且Google now请求,您的Web服务器(每个品牌和型号)将响应该IP上支持SSL的其中一个站点(通常是第一个)
我认为这没什么好担心的。这只是谷歌在所有网站上盲目地尝试SSL,即使是那些没有证书的网站。这一错误是由谷歌引起的,因为几天之后,谷歌会尝试在谷歌网站管理员工具中注册的所有网站上是否存在SSL版本
如果您在同一IP上托管SSL和非SSL站点,并且Google now请求,您的Web服务器(每个品牌和型号)将响应该IP上支持SSL的其中一个站点(通常是第一个)
我认为这没什么好担心的。这只是谷歌在所有网站上盲目地尝试SSL,即使是那些没有证书的网站