首页 文章

Google显示SSL错误消息

提问于
浏览
2

我的客户正在收到来自Google的关注消息 .

站点主机名https://abc.meusite.com与您的SSL证书不符主题名称我们注意到您站点的主机名https://abc.meusite.com与SSL证书中的任何"Subject Names"都不匹配,其中包括:secured.meusite.com因此,许多Web浏览器将阻止用户访问您的站点,或在访问您的站点时显示安全警告消息 . 建议的操作要解决此问题,请通过证书颁发机构(CA)获取与您的主机名匹配的"Subject Name"或"Subject Alternative DNS Names"的新SSL证书 .

我注意到我可以在证书中添加替代名称,但是这个URL没有't use SSL. It' s http://abc.meusite.com用户正在放置"s" .

我需要做什么来谷歌停止发送警报消息?

Windows Server 2008, IIS 7 e .NET 3.5

.net ssl windows-server-2008

3 回答

  • 1

    导致错误,因为Google会在几天内尝试为Google网站站长工具中注册的所有网站提供SSL版本 .

    如果您在同一IP上托管SSL和非SSL站点并且Google现在请求https://www.never-meant-for-ssl.com/,则您的网络服务器(每个品牌和型号)将响应其中一个支持该IP上的SSL的网站(通常是第一个) .

    我不认为这是值得担心的事情 . 它只是谷歌盲目地在所有网站上尝试SSL,即使是那些没有证书的网站 .

    回复于
  • 2

    您可以在web.config文件中配置HTTPS连接以重定向到HTTP .

    但是,SSL证书的存在表明网站上可能存在值得保护的内容 . 如果是这种情况,更好的方法是添加主题备用名称,并从另一个方向重定向从HTTP到HTTPS .

    您可以将以下内容添加到web.config以从HTTP重定向到HTTPS(并在该代码段中针对另一个方向反向提及http和https)

    <system.webServer>
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
</system.webServer>
    回复于
  • 1

    我认为Eric J.得到了重定向问题 . 从OpenSSL的s_client,以下是您的证书问题 .

    • 主题:CN = www.parkingcrew.com ... - 不要将CN用于DNS名称

    • www.parkingcrew.com 是完全错误的

    • 缺少SAN: abc.meusite.com

    显然,您的证书也应该具有 secured.meusite.com 作为SAN .

    因此,您的证书应至少具有三个SAN . 你也回答 www ,所以说那四个 . (除了删除DNS CN和错误的DNS名称) .

    • meusite.com

    • www.meusite.com

    • abc.meusite.com

    • secured.meusite.com

    这是 s_client 的输出:

    $ echo | openssl s_client -connect abc.meusite.com:443 -servername abc.meusite.com 2>/dev/null | openssl x509 -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:29:f1:07:8e:b3:c6:7f:68:89:fd:3c:e4:29:32:83
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Thawte, Inc., OU=Domain Validated SSL, CN=Thawte DV SSL CA
        Validity
            Not Before: Apr 10 00:00:00 2014 GMT
            Not After : Jul  1 23:59:59 2017 GMT
        Subject: OU=Go to https://www.thawte.com/repository/index.html, OU=Thawte SSL123 certificate, OU=Domain Validated, CN=www.parkingcrew.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c7:ef:c5:98:53:37:92:91:90:12:4f:46:0f:45:
                    a2:85:85:e7:27:cb:97:4f:2d:84:f6:0c:7a:9e:71:
                    06:d5:14:3d:43:55:b4:9f:4e:f9:11:9b:49:ec:74:
                    df:08:0b:30:2a:17:95:03:93:43:47:59:5f:ba:02:
                    00:0f:9c:b0:89:76:4e:4e:07:b5:59:42:f7:83:1f:
                    25:63:5c:b3:1e:60:77:f9:73:95:06:b8:d7:6c:b7:
                    01:e3:49:e3:02:6b:09:b1:74:e7:39:2a:0e:24:86:
                    f9:2d:39:0a:7a:06:e2:7c:80:ce:f6:67:5a:e6:13:
                    77:a9:1c:d5:c6:76:b8:6b:cd:7b:1c:2a:73:f4:80:
                    68:69:06:5b:e7:0a:83:0d:fc:97:ce:f7:17:55:ed:
                    32:cc:fd:ea:ad:8d:82:0f:dd:d4:b2:99:6d:9a:5f:
                    a6:ef:7b:b4:62:eb:3e:3a:b7:43:e6:d7:59:dd:f1:
                    59:e6:87:95:ea:25:80:29:90:58:6e:d1:61:55:e2:
                    03:ba:47:f9:b1:f9:18:a5:47:8e:69:77:b1:39:dc:
                    73:24:28:1b:95:c3:db:2d:2c:f6:ca:8c:7f:71:9b:
                    b0:db:bf:46:17:90:db:49:38:d4:24:c2:c1:e9:44:
                    a2:ba:a0:8e:1a:4f:a4:e5:f8:af:3c:77:c5:1b:38:
                    8d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.parkingcrew.com
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://svr-dv-crl.thawte.com/ThawteDV.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.54
                  CPS: https://www.thawte.com/cps

            X509v3 Authority Key Identifier: 
                keyid:AB:44:E4:5D:EC:83:C7:D9:C0:85:9F:F7:E1:C6:97:90:B0:8C:3F:98

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://ocsp.thawte.com
                CA Issuers - URI:http://svr-dv-aia.thawte.com/ThawteDV.cer

    Signature Algorithm: sha1WithRSAEncryption
         8d:1e:d9:92:2d:1f:b3:aa:61:d2:3b:31:ac:ec:de:18:18:4e:
         cb:52:13:f9:b7:ff:bc:95:8d:67:6d:3e:e7:3f:78:7f:2c:13:
         a8:9e:04:91:8b:40:47:db:38:60:5d:48:e1:1f:49:ad:20:6e:
         5c:51:05:ad:61:dc:dd:10:7a:61:d5:dd:ef:66:8b:5f:cb:5c:
         2b:b9:8a:ed:dd:4b:c2:14:b2:b0:4b:6e:64:c1:09:8e:2e:aa:
         80:b1:56:32:1c:d3:bd:94:30:18:16:c9:c0:7e:5c:c7:f0:ee:
         05:60:77:eb:ff:81:98:ff:8d:d6:f9:95:40:9e:0a:da:8b:d3:
         64:2c:80:55:4d:d1:a1:06:e9:58:02:32:02:96:d4:ba:b9:12:
         11:06:0a:1d:d9:ca:76:95:a5:b0:c9:86:21:8a:41:cf:d9:8a:
         11:57:5d:da:cd:3c:27:19:93:b2:50:1d:ed:fb:74:57:0e:32:
         58:5d:5e:72:6d:13:5a:81:2a:ce:2e:bf:8c:d1:18:64:0d:e4:
         c1:98:33:4e:28:46:3a:84:d2:fd:5e:0b:ff:dc:ac:f6:69:a9:
         06:ec:83:bc:75:d1:51:da:14:ca:12:a1:d4:1a:9a:9d:05:da:
         5b:4c:ec:64:62:c3:43:38:35:3e:30:2d:25:90:8a:4f:5a:d5:
         cd:e0:13:7d
    回复于

相关问题