I purchased a new commercial SSL certificate, but after configuring it, it keeps showing that the link is not trusted.
Please give me some advice to describe the problem better. Posting the URL is not advertising, I hope someone can give me some advice.
The following is the configuration file of nginx,
https://www.domain.com
server {
listen 443;
server_name www.domain.com;
index index.html index.htm index.php default.html default.htm default.php;
root /var/www;
include yb.conf;
#error_page 404 /404.html;
location ~ [^/]\.php(/|$)
{
# comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include pathinfo.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
access_log /var/wwwlogs/www.
domain.com.log access;
ssl on;
ssl_certificate /var/www/conf/
domain.crt;
ssl_certificate_key /var/www/conf/server.key;
}I hope you can help me figure out what the problem is. When I tested it under Firefox, it always showed that the link was not trusted, and under IE, it showed that the connection was not encrypted.
I already want to die, wipe
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Firefox 28 on Linux has normal access. Check the certificate details (click the arrow below and there is an option to view the certificate in "Add Exception"). Has your certificate been replaced?
1. The Comodo certificate is really average
2. This is not a problem with Firefox, it’s because your certificate chain is not done properly.
3. Add the intermediate certificate and it will be OK.
Demo: https://yusky.me
If you still don’t understand, you can leave a message on my blog
Click the link below to test and you will know where the problem is:
https://www.ssllabs.com/ssltest/analyze.html?d=wuaidu.com
Look at the Certification Paths, the Extra downloads shown are all the intermediate certificates you are missing, and you need to cat them with your own certificates.
Of course, there are many other problems, just read the test report yourself.
The last one is attached. Your certificate is signed with SHA256, which will cause all XP SP2 and below systems to be unable to access normally with IE and Chrome (if you don’t care about such users, there will be no problem, or you can let them install Firefox).
Firefox needs to add a public certificate to the certificate you generate