问题
We had to update our certificate for our ecommerce website recently and ever since we've noticed weird behavior in Firefox and other browsers. About half the computers in the office, as well as my home computer complain that the certificate chain is not complete (Very odd it's not universal). I can view the chain in the Firefox certificate viewer and see that it doesn't have a chain.
Meanwhile Chrome's chain looks fine. This leads me to believe that there isn't an issue with our install of the certificate, as there's a chain there to be read, but Firefox can't seem to see it.
I should note that it seems to have the same issue in Chrome on Android. So is this our problem or Firefox's?
回答1:
This is typically the case when the server does not send all necessary intermediate certificates. Chrome on Desktop will go and fetch them. Firefox will use any intermediate certificates cached from previous connections to other sites but will not fetch missing certificates, thus some Firefox instances might work while others not. Chrome on Android will also not fetch missing certificates.
The issue needs to be fixed on the server side. If you check the server at SSLLabs you will probably see a note regarding "chain issues". Add the necessary certificates (they are listed at the report) until you don't see this note any longer and then it should work with the other browsers too.
来源:https://stackoverflow.com/questions/30360581/certificate-chain-valid-in-chrome-not-firefox-or-android