Some browsers may complain(抱怨) about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present(出現) in the certificate base of well-known trusted(信任) certificate authorities which is distributed(發布) with a particular browser. In this case the authority provides a bundle of(一束) chained certificates which should be concatenated(連接) to the signed server certificate. The server certificate must appear before the chained certificates in the combined file:
解釋:
某些瀏覽器有時可能會抱怨知名證書頒發機構簽名的證書,但是另一些瀏覽器可能會接受改證書而不會產生任何問題。產生該問題的原因就是證書頒發機構采用了“中間證書”來
作為服務器認證,但是該中間證書卻沒有包含在知名證書頒發機構對特定瀏覽器頒發的可信任基證書庫中。解決方案就是權威證書頒發機構提供一系列的“chained certificates”,
這些鏈證書被鏈接用于簽名服務器認證。在同一個證書文件中 “服務器證書” 必須出現在 “chained certificates”的前面。
參考:http://lukejin.iteye.com/blog/587200
生產實際使用:
