SSL certificate configuration for small program development to solve request fail problem

WeChat applet forces all interfaces to use https for access. However, after the server is configured with a certificate, it can be accessed normally using the IDE, but errors are always reported when using a real machine (both ios and andriod). Display request fail failed to complete the operation. KCFErrorDomainCFNetwork Error 301.

Solution

1. Geotrust first check your site. Solve some common problems, such as the intermediate certificate is not installed, etc.
2. WeChat supports, and only supports ssl_protocols TLSv1 TLSv1.1 TLSv1.2; therefore, you need to delete these protocols SSL V2 and SSL V3
3. Encryption method ssl_ciphers AES128+EECDH:AES128+EDH :!aNULL;

After solving it

After configuring, check it and it will look like this. There will also be BEAST info, which does not need to be processed.

The reference given by Tencent is https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=10_4

But Tencent is such a cheater, ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; The punctuation marks are in Chinese, so you know.

If nginx is configured using the above configuration file, it will be fine. If you use iis, you will find a method to modify the registry through google. After modifying the registry, restart the server and it will be fine.

For more SSL certificate configuration for small program development and solving the request fail problem, please pay attention to the PHP Chinese website for related articles!