PageRank



轉移公告

計劃把 http://blog.hoamon.info/ 文章全部轉移至 http://www.hoamon.info/blog/ 這裡,而本 Blogger 站台的文章近 500 篇,我預計在 2014-12-31 前移轉完畢,完成後 http://blog.hoamon.info/ 將只作代轉服務,一律把舊連結如 http://blog.hoamon.info/index.html 轉成 http://www.hoamon.info/blog/index.html ,敬請舊雨新知互相走告。

新文章只發佈在 http://www.hoamon.info/blog/

何岳峰 敬上

2012年9月18日 星期二

StartSSL Extended Validation Certificate has sec_error_unknown_issuer error with Firefox


A few days ago, i bought a Extended Validation Certificate from www.startssl.com for my client( in strictly speaking, cooperate with someone's help ).


The price of two years EV certificate is more cheaper than other competitors's in Taiwan.  StartSSL EV quotes USD$199( closing to TWD 6,000 ), and the same level competitors in Taiwan quote TWD 55,000 ~ 90,000.  Yes, you did not lost, the ten times expensiveness.

But it costs something else, because the www.startssl.com is a Israel company, we must verify the personal and  company authorization with law notarization first.  This law jobs spend our half month.  Anyway, we done, and obtain a real green bar certificate now.

After i install and configure certificate in Nginx Server, Chrome and IE can pop up rightly, but Firefox alerts a "sec_error_unknown_issuer" message to me.

The solution is catching "sub.class4.server.ca.pem"( Exclusive only for Extended Validation Cert ) and "ca.pem" into your_example_domain.crt file, and the order must be "your_domain_crt", "sub.class4.server.ca.pem" and "ca.pem".  You can find the two files in the www.startssl.com/certs/.

Below is my Nginx conf:

listen                  443;
ssl                     on;
ssl_certificate         /etc/ssl/your_example_domain.crt;
ssl_certificate_key     /etc/ssl/your_example_domain.key;

This solution wasted me about one hour, because i did not known the sub.classX.server.ca.pem is different to free-class and Extended Validation Cert.  Free-class cert uses class1 and EV cert uses class4.

Finally, i got a green internet address bar.  So happy~

沒有留言:

張貼留言

Related Posts Plugin for WordPress, Blogger...