Project

General

Profile

バグ #578

中間証明書のチェインが不正

Added by みぞ @mizo0203 over 4 years ago. Updated over 4 years ago.

Status:
完了
Priority:
通常
Start date:
10/27/2020
Due date:
% Done:

100%

Estimated time:

Description

$ curl https://servlet.mizo0203.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ openssl s_client -connect servlet.mizo0203.com:443 -showcerts
# 〜省略〜
    Verify return code: 21 (unable to verify the first certificate)
# 〜省略〜

⇒ 中間証明書のチェインが不正


⇒ SSLCertificateChainFile の値を修正して、改修効果あり

/etc/httpd/conf/httpd.conf の差分 :

 <VirtualHost *:443>
     ServerName servlet.mizo0203.com
     ProxyRequests Off
     ProxyPass / ajp://localhost:8009/
     SSLEngine on
     SSLCertificateFile /xxxx/xxxx/servlet.mizo0203.com.crt
     SSLCertificateKeyFile /xxxx/xxxx/xxxx.key
+    SSLCertificateChainFile /xxxx/xxxx/JPRS_DVCA_G3_PEM_20200710.cer
 </VirtualHost>

参考

Also available in: Atom PDF