原因在于chrome的支持发生变化。下面是详细说明。
1. 背景说明:
Google Chrome在4月24日发布的Chrome58做了SSL安全相关的变动,58之前版本Chrome 支持检查SSL证书对域名生效的“通用名称”字段。从Chrome 58开始,只通过校验SAN属性验证证书的有效性, 此更改只会影响私有PKI和其他未遵循规范的软件。如果您发现任何网站返回错误“NET :: ERR_CERT_COMMON_NAME_INVALID”,可能是由于证书不正确使用SAN。 这对联想内部已经签发的SSL证书会造成一定的影响。
2. 解决方法:
重新生成域名包含在SAN扩展中的CSR(证书申请文件)并提交申请,收到新签发的证书后重新导入应用使用。可参考附件操作手册进行生成包含SAN扩展的CSR。
3. 新旧证书区别比对:
4. 相关公告:
中文:https://www.itrus.cn/news_view_309.html
英文:https://bugs.chromium.org/p/chromium/issues/detail?id=700595&desc=2
1. Background Description:
Google Chrome posted Chrome58 on April 24th with a security-related change on SSL. 58 previous versions of Chrome support to check the "common name" field that the SSL certificate takes effect on the domain name, but begin with Chrome 58 version, it verify the validity of the certificate just by checking the SAN attribute. This change only affects private PKI and other non-compliant software. If you find any site that returns the error "NET :: ERR_CERT_COMMON_NAME_INVALID", it might be because the certificate is incorrectly using the SAN. And This will have a certain impact on the SSL certificate already issued by Lenovo.
2. Solution:
Rebuild CSR (certificate request file) with the domain name included a Subject Alternative Name extension and submit the application, use by re-import the application after receiving the newly issued certificate. Details can refer to the attachment to generate a CSR with a SAN attribute manually.
3. The difference between the old and new certificates
4. Related Announcement:
Chinese:https://www.itrus.cn/news_view_309.html
English:https://bugs.chromium.org/p/chromium/issues/detail?id=700595&desc=2
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
