为什么我的SSL证书在我的网站之间混用?
为什么我的SSL证书在我的网站之间混用?,ssl,nginx,Ssl,Nginx,我正在为我的Web服务器使用nginx,我主持3个主要网站,比如xyz.example.com,abc.example.com和example.com本身。 example.com和abc.example.com已经有一个SSL证书(两个正SSL)。我为第三个网站购买了另一个证书,xyz.example.com 因此,问题是:当xyz.example.com与SSL一起工作时,example.com返回NET::ERR\u CERT\u COMMON\u NAME\u INVALID,因为它试图
我正在为我的Web服务器使用nginx,我主持3个主要网站,比如
xyz.example.com
,abc.example.com
和example.com
本身。example.com
和abc.example.com
已经有一个SSL证书(两个正SSL)。我为第三个网站购买了另一个证书,xyz.example.com
因此,问题是:当
xyz.example.com
与SSL一起工作时,example.com
返回NET::ERR\u CERT\u COMMON\u NAME\u INVALID
,因为它试图使用xyz.example.com
的证书(从Chrome点击错误代码看到)。当我从nginx
sites available
目录中删除xyz.example.com
的文件时,example.com
再次开始工作(但显然xyz.example.com
不起作用)。这是我的两个nginx配置文件。 xyz.example.com:
server {
listen 80;
server_name xyz.example.com;
rewrite ^/(.*) https://xyz.example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name xyz.example.com;
ssl_certificate /var/www/certs/xyz_example/cert_chain.crt;
ssl_certificate_key /var/www/certs/xyz_example/key.key;
root /var/www/xyz;
index index.php;
client_max_body_size 5m;
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
add_header Strict-Transport-Security max-age=31536000;
server {
listen 80;
server_name example.com www.example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /var/www/certs/missaglialfio/cert_chain.crt;
ssl_certificate_key /var/www/certs/missaglialfio/chiave.key;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example.com
ssl_certificate /var/www/certs/example/cert_chain.crt;
ssl_certificate_key /var/www/certs/example/key.key;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 10M;
location / {
proxy_pass http://localhost:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
example.com:
server {
listen 80;
server_name xyz.example.com;
rewrite ^/(.*) https://xyz.example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name xyz.example.com;
ssl_certificate /var/www/certs/xyz_example/cert_chain.crt;
ssl_certificate_key /var/www/certs/xyz_example/key.key;
root /var/www/xyz;
index index.php;
client_max_body_size 5m;
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
add_header Strict-Transport-Security max-age=31536000;
server {
listen 80;
server_name example.com www.example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate /var/www/certs/missaglialfio/cert_chain.crt;
ssl_certificate_key /var/www/certs/missaglialfio/chiave.key;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example.com
ssl_certificate /var/www/certs/example/cert_chain.crt;
ssl_certificate_key /var/www/certs/example/key.key;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 10M;
location / {
proxy_pass http://localhost:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
哦?问题在哪里?ç.ç请注意,在尝试保护
xyz.example.com
之前,example.com
和abc.example.com
一起工作良好(并且abc.example.com
现在仍然工作良好)。
我已经重新下载了这两个证书文件并重新绑定了它们。我真的不明白。。。有人能帮我吗?
谢谢 您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回
TLS SNI支持已启用
。您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回TLS SNI支持已启用
。您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回启用了TLS SNI支持的。