計劃把 文章全部轉移至 這裡,而本 Blogger 站台的文章近 500 篇,我預計在 2014-12-31 前移轉完畢,完成後 將只作代轉服務,一律把舊連結如 轉成 ,敬請舊雨新知互相走告。


何岳峰 敬上

2012年9月18日 星期二

StartSSL Extended Validation Certificate has sec_error_unknown_issuer error with Firefox

A few days ago, i bought a Extended Validation Certificate from for my client( in strictly speaking, cooperate with someone's help ).

The price of two years EV certificate is more cheaper than other competitors's in Taiwan.  StartSSL EV quotes USD$199( closing to TWD 6,000 ), and the same level competitors in Taiwan quote TWD 55,000 ~ 90,000.  Yes, you did not lost, the ten times expensiveness.

But it costs something else, because the is a Israel company, we must verify the personal and  company authorization with law notarization first.  This law jobs spend our half month.  Anyway, we done, and obtain a real green bar certificate now.

After i install and configure certificate in Nginx Server, Chrome and IE can pop up rightly, but Firefox alerts a "sec_error_unknown_issuer" message to me.

The solution is catching ""( Exclusive only for Extended Validation Cert ) and "ca.pem" into your_example_domain.crt file, and the order must be "your_domain_crt", "" and "ca.pem".  You can find the two files in the

Below is my Nginx conf:

listen                  443;
ssl                     on;
ssl_certificate         /etc/ssl/your_example_domain.crt;
ssl_certificate_key     /etc/ssl/your_example_domain.key;

This solution wasted me about one hour, because i did not known the is different to free-class and Extended Validation Cert.  Free-class cert uses class1 and EV cert uses class4.

Finally, i got a green internet address bar.  So happy~



Related Posts Plugin for WordPress, Blogger...