gpt4 book ai didi

apache - SSL 证书不可信任 (COMODO)

转载 作者:太空宇宙 更新时间:2023-11-03 13:37:47 25 4
gpt4 key购买 nike

我正在让服务器为 PCI DSS 做好准备。除了我无法解决的问题外,没有其他问题。 PCI 扫描器 ( https://www.hackerguardian.com/ ),说 SSL 证书不可信:

SSL Certificate Cannot Be Trusted 443 / tcp / www

我已从链中删除所有其他证书,只留下一个专为该服务器购买的证书。它由 COMODO 签署,被认为是值得信赖的。这是证书转储:

openssl x509 -in /usr/local/psa/var/certificates/cert-f1nb7M -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
e6:3c:e1:95:56:07:3c:f7:4c:5e:b3:bd:06:6d:37:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Extended Validation Secure Server CA
Validity
Not Before: Nov 17 00:00:00 2015 GMT
Not After : Dec 3 23:59:59 2017 GMT
Subject: serialNumber=04045342/1.3.6.1.4.1.311.60.2.1.3=GB/businessCategory=Private Organization, C=GB/postalCode=BN27 2BY,
ST=East Sussex, L=Hailsham/street=Station Road/street=Unit 10 Swan Business Centre, O=Fuss 3 Solutions Ltd,
OU=COMODO EV SSL, CN=www.fuss3inkandtoner.co.uk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
...................
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:39:DA:FF:CA:28:14:8A:A8:74:13:08:B9:E4:0E:A9:D2:FA:7E:9D:69

X509v3 Subject Key Identifier:
D1:C0:72:40:F1:A4:47:A6:FF:32:C4:56:6F:EF:F5:1E:40:6A:72:DC
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.1.5.1
CPS: https://secure.comodo.com/CPS

X509v3 CRL Distribution Points:

Full Name:
URI:http://crl.comodoca.com/COMODORSAExtendedValidationSecureServerCA.crl

Authority Information Access:
CA Issuers - URI:http://crt.comodoca.com/COMODORSAExtendedValidationSecureServerCA.crt
OCSP - URI:http://ocsp.comodoca.com

X509v3 Subject Alternative Name:
DNS:www.fuss3inkandtoner.co.uk, DNS:fuss3inkandtoner.co.uk
1.3.6.1.4.1.11129.2.4.2:
............
Signature Algorithm: sha256WithRSAEncryption
...............

证书是真实的,没有过期且域名匹配。我尝试过其他在线诊断工具,如 https://www.ssllabs.com/ssltest/analyze.html?d=fuss3inkandtoner.co.uk每个人都说证书很好。除了 hackersguardian.com,我需要通过 PCI 合规性。

我不是系统管理员,此证书是由其他人安装的(我认为是托管支持的系统管理员)。我需要你的建议来解决这个问题。提前谢谢你。

最佳答案

这是误报。当来自 COMODO (hackerguardian.com) 的安全扫描器报告 COMODO (!) 颁发的错误证书时,这是一件非常奇怪的事情。

关于apache - SSL 证书不可信任 (COMODO),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34066790/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com