Fatal编程技术网
  • ssl/
  • 为什么我的SSL证书在我的网站之间混用?

为什么我的SSL证书在我的网站之间混用?

ssl nginx

为什么我的SSL证书在我的网站之间混用?,ssl,nginx,Ssl,Nginx,我正在为我的Web服务器使用nginx,我主持3个主要网站,比如xyz.example.com,abc.example.com和example.com本身。 example.com和abc.example.com已经有一个SSL证书(两个正SSL)。我为第三个网站购买了另一个证书,xyz.example.com 因此,问题是:当xyz.example.com与SSL一起工作时,example.com返回NET::ERR\u CERT\u COMMON\u NAME\u INVALID,因为它试图


我正在为我的Web服务器使用nginx,我主持3个主要网站,比如
xyz.example.com
abc.example.com
example.com
本身。
example.com
abc.example.com
已经有一个SSL证书(两个正SSL)。我为第三个网站购买了另一个证书,
xyz.example.com

因此,问题是:当
xyz.example.com
与SSL一起工作时,
example.com
返回
NET::ERR\u CERT\u COMMON\u NAME\u INVALID
,因为它试图使用
xyz.example.com
的证书(从Chrome点击错误代码看到)。
当我从nginx
sites available
目录中删除
xyz.example.com
的文件时,
example.com
再次开始工作(但显然
xyz.example.com
不起作用)。
这是我的两个nginx配置文件。 xyz.example.com:

server {
   listen 80;
   server_name xyz.example.com;
   rewrite ^/(.*) https://xyz.example.com/$1 permanent;
}

server {
   listen 443 ssl;

   server_name xyz.example.com;
   ssl_certificate /var/www/certs/xyz_example/cert_chain.crt;
   ssl_certificate_key /var/www/certs/xyz_example/key.key;

   root /var/www/xyz;
   index index.php;
   client_max_body_size 5m;

   location / {
         try_files $uri $uri/ /index.html;
   }
   location ~ \.php$ {
         try_files $uri =404;
         fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
   }
}

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
add_header Strict-Transport-Security max-age=31536000;

server {
    listen 80;
    server_name example.com www.example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
    listen 443 ssl;

    server_name www.example.com;
    ssl_certificate /var/www/certs/missaglialfio/cert_chain.crt;
    ssl_certificate_key /var/www/certs/missaglialfio/chiave.key;

    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
    listen 443 ssl;

    server_name example.com

    ssl_certificate /var/www/certs/example/cert_chain.crt;
    ssl_certificate_key /var/www/certs/example/key.key;

    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 10M;

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    } 
}
example.com:

server {
   listen 80;
   server_name xyz.example.com;
   rewrite ^/(.*) https://xyz.example.com/$1 permanent;
}

server {
   listen 443 ssl;

   server_name xyz.example.com;
   ssl_certificate /var/www/certs/xyz_example/cert_chain.crt;
   ssl_certificate_key /var/www/certs/xyz_example/key.key;

   root /var/www/xyz;
   index index.php;
   client_max_body_size 5m;

   location / {
         try_files $uri $uri/ /index.html;
   }
   location ~ \.php$ {
         try_files $uri =404;
         fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
   }
}

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
add_header Strict-Transport-Security max-age=31536000;

server {
    listen 80;
    server_name example.com www.example.com;
    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
    listen 443 ssl;

    server_name www.example.com;
    ssl_certificate /var/www/certs/missaglialfio/cert_chain.crt;
    ssl_certificate_key /var/www/certs/missaglialfio/chiave.key;

    rewrite ^/(.*) https://example.com/$1 permanent;
}

server {
    listen 443 ssl;

    server_name example.com

    ssl_certificate /var/www/certs/example/cert_chain.crt;
    ssl_certificate_key /var/www/certs/example/key.key;

    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 10M;

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    } 
}
哦?问题在哪里?ç.ç
请注意,在尝试保护
xyz.example.com
之前,
example.com
abc.example.com
一起工作良好(并且
abc.example.com
现在仍然工作良好)。 我已经重新下载了这两个证书文件并重新绑定了它们。
我真的不明白。。。有人能帮我吗?
谢谢

您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回
TLS SNI支持已启用
。您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回
TLS SNI支持已启用
。您的浏览器和nginx都支持SNI吗?他们都是。。。我使用的是Chrome v43.0.2357.124,nginx返回启用了TLS SNI支持的