每月彙整: 2016 年 5 月

SSL 憑證安裝

今天在安裝 images.abic.com.tw 的憑證的時候
發現在 mobile 的 chrome 上都會發生錯誤…
檢查了一下發現是 SSL Certificate Chain 的問題, 因為我在 server 只上了自已 domain 的憑證
沒把 Intermediate certificate 加上去造成的

Creating a .pem with the Entire SSL Certificate Trust Chain

  1. Log into your DigiCert Management Console and download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
  2. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
    1. The Primary Certificate – your_domain_name.crt
    2. The Intermediate Certificate – DigiCertCA.crt
    3. The Root Certificate – TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    —–BEGIN CERTIFICATE—–
    (Your Primary SSL certificate: your_domain_name.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Intermediate certificate: DigiCertCA.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Root certificate: TrustedRoot.crt)
    —–END CERTIFICATE—–

    Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

上述紅色的部份就是我們完整的 SSL Certificate

檢查 ssl Certificate 的工具
https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp

參考資料
https://www.digicert.com/ssl-support/pem-ssl-creation.htm
https://www.linode.com/docs/platform/nodebalancer/nodebalancer-ssl-configuration