I'm starting an app on openshift. I've purchased comodo positive ssl from namecheap and followed the instructions to install on openshift. It works fine on desktop browsers but i get the following "not trusted" error on android browsers. I have not tried IOS.
我在openshift上启动一个应用。我从namecheap上购买了comodo positive ssl,并按照openshift上的安装说明进行安装。它在桌面浏览器上运行良好,但是我在android浏览器上看到了以下“不可信”的错误。我没有尝试过IOS。
i uploaded following files to openshift:
我上传了以下文件到openshift:
-
stylistcity_com.crt
stylistcity_com.crt
-
server.key
server.key
Other files i have that were not used include:
其他未使用的文件包括:
- server.csr
- server.csr
- server.pass.key
- server.pass.key
- AddTrustExternalCARoot.crt
- AddTrustExternalCARoot.crt
- PositiveSSLCA2.crt
- PositiveSSLCA2.crt
Any help would be appreciated.
如有任何帮助,我们将不胜感激。
4 个解决方案
#1
11
Thanks to @stenwt from the openshift irc channel, It finally work. Here is what i did.
感谢openshift irc频道的@stenwt,它终于可以工作了。这是我所做的。
cat mycert.crt cacert.ca > myapp.pem; rhc alias update-cert appname www.domain.com --certificate myapp.pem --private-key myapp.key --passphrase 'mypass'
#2
0
You have to add the intermediate certificate(s) (the other *.crt) too, because otherwise the browser is not able to verify the certificate chain up to the builtin trusted CA. The only reason that the verification with the desktop browsers succeed is because you already visited sites which use the same intermediate certificates and the browser cached them. If you would use a fresh browser setup (or a new profile with firefox) verification would there fail too.
你必须添加中级证书(s)(其他* .crt),否则浏览器无法验证证书链的内装式受信任的CA。唯一的原因与桌面浏览器验证成功是因为你已经访问了网站使用相同的中级证书和浏览器缓存。如果您使用新的浏览器设置(或使用firefox的新配置文件),验证也会失败。
#3
0
Had a bit of trouble with the method that worked for OP. For PositiveSSL, on OpenShift, this worked for me:
对于opo, PositiveSSL, OpenShift,这个方法对我来说有点麻烦:
cat mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
rhc alias update-cert myappname www.mydomain.com --certificate ssl-bundle.crt --private-key mydomain_com.key --passphrase 'mypassphrase'
Replace mydomain_com.crt with your main domain cert from Comodo
Replace myappname with your OpenShift app name
Replace www.mydomain.com with your domain alias (the one on OpenShift for your app)
Replace mydomain_com.key with the filename for your private key
Replace mypassphrase with your SSL passphrase
取代mydomain_com。用你的主要域名证书替换crt用你的OpenShift应用名称替换myappname用你的域名别名替换www.mydomain.com(你的应用在OpenShift上)替换mydomain_com。私钥的文件名用SSL密码短语替换mypassphrase
#4
0
I've opened certificate.ca.crt and certificate.crt, with conTEXT editor, I copied the contents of certificate.crt and have pasted to the principle of certificate.ca.crt and have saved as certificate.pem, after I've uploaded to OpenShift web console, in SSL certificate *, the first box. Fixed !!
我打开certificate.ca。crt和证书。crt,通过上下文编辑器,我复制了证书的内容。并已粘贴到认证的原则。已保存为证书。pem,在我上传到OpenShift web控制台后,在SSL证书*中,第一个框。固定! !
#1
11
Thanks to @stenwt from the openshift irc channel, It finally work. Here is what i did.
感谢openshift irc频道的@stenwt,它终于可以工作了。这是我所做的。
cat mycert.crt cacert.ca > myapp.pem; rhc alias update-cert appname www.domain.com --certificate myapp.pem --private-key myapp.key --passphrase 'mypass'
#2
0
You have to add the intermediate certificate(s) (the other *.crt) too, because otherwise the browser is not able to verify the certificate chain up to the builtin trusted CA. The only reason that the verification with the desktop browsers succeed is because you already visited sites which use the same intermediate certificates and the browser cached them. If you would use a fresh browser setup (or a new profile with firefox) verification would there fail too.
你必须添加中级证书(s)(其他* .crt),否则浏览器无法验证证书链的内装式受信任的CA。唯一的原因与桌面浏览器验证成功是因为你已经访问了网站使用相同的中级证书和浏览器缓存。如果您使用新的浏览器设置(或使用firefox的新配置文件),验证也会失败。
#3
0
Had a bit of trouble with the method that worked for OP. For PositiveSSL, on OpenShift, this worked for me:
对于opo, PositiveSSL, OpenShift,这个方法对我来说有点麻烦:
cat mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
rhc alias update-cert myappname www.mydomain.com --certificate ssl-bundle.crt --private-key mydomain_com.key --passphrase 'mypassphrase'
Replace mydomain_com.crt with your main domain cert from Comodo
Replace myappname with your OpenShift app name
Replace www.mydomain.com with your domain alias (the one on OpenShift for your app)
Replace mydomain_com.key with the filename for your private key
Replace mypassphrase with your SSL passphrase
取代mydomain_com。用你的主要域名证书替换crt用你的OpenShift应用名称替换myappname用你的域名别名替换www.mydomain.com(你的应用在OpenShift上)替换mydomain_com。私钥的文件名用SSL密码短语替换mypassphrase
#4
0
I've opened certificate.ca.crt and certificate.crt, with conTEXT editor, I copied the contents of certificate.crt and have pasted to the principle of certificate.ca.crt and have saved as certificate.pem, after I've uploaded to OpenShift web console, in SSL certificate *, the first box. Fixed !!
我打开certificate.ca。crt和证书。crt,通过上下文编辑器,我复制了证书的内容。并已粘贴到认证的原则。已保存为证书。pem,在我上传到OpenShift web控制台后,在SSL证书*中,第一个框。固定! !