Let's Encrypt certificate not trusted on Firefox

生来就可爱ヽ(ⅴ<●) submitted on 2020-06-27 10:10:11

Question


I just added the certificate in IIS 8 (Windows Server 2012) using letsencrypt-win-simple.V1.9.1. There are no problems in Google Chrome, but in Firefox the connection is not trusted.

I followed this tutorial: https://weblog.west-wind.com/posts/2016/feb/22/using-lets-encrypt-with-iis-on-windows#TheEasyWay:LetsEncrypt-Win-Simple .


Answer 1:


Upon cursory examination, it would appear that you have a valid SSL certificate installed and configured. However, more thorough analysis courtesy of the Qualys SSL Labs tool exposes a few issues: https://www.ssllabs.com/ssltest/analyze.html?d=beta.gplay.ro&latest

First, directly relating to the certificate, your server does not supply a certificate chain to the client, only the domain certificate. This requires them to go and download the Let's Encrypt Authority X3 certificate themselves in order to reconstruct the chain back to the DST Root CA X3. Any client that doesn't have that intermediate cert in their trust store and fails to successfully download a copy would fail the validation.

Second, your server has support for SSLv3 enabled, which is deprecated and regarded as a security risk, because it exposes the server to a plethora of vulnerabilities such as POODLE. You also have support for several very weak ciphers enabled, which doesn't help.

I would recommend configuring IIS to serve the full certificate chain instead of just the domain certificate, as well as disabling support for SSLv3, if possible. If Firefox still doesn't like your certificate after that, more in-depth troubleshooting may be necessary.
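
Added example, not part of the original answer: a small Python check that reads the "Certificate chain" section printed by `openssl s_client -connect host:443 -servername host` and reports whether the server sent only the leaf certificate, the situation described above. The host name and both sample outputs are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed samples of the "Certificate chain" section of s_client output.
LEAF_ONLY = """\
Certificate chain
 0 s:/CN=www.example.test
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
"""
FULL_CHAIN = """\
Certificate chain
 0 s:/CN=www.example.test
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
"""

def sent_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_section, subject = [], False, None
    for line in s_client_output.splitlines():
        if line.startswith("Certificate chain"):
            in_section = True
        elif in_section and line.strip() == "---":
            break  # end of the chain section (PEM markers do not match)
        elif in_section:
            m = re.match(r"\s*(?:\d+\s+)?([si]):\s*(.+)", line)
            if m and m.group(1) == "s":
                subject = m.group(2).strip()
            elif m and subject is not None:
                chain.append((subject, m.group(2).strip()))
                subject = None
    return chain

def missing_links(chain):
    """List gaps a client would have to fill from its own store or by download."""
    if not chain:
        return ["no certificates parsed"]
    problems = []
    # Each certificate's issuer should be the subject of the next one sent.
    for (subj, issuer), (next_subj, _) in zip(chain, chain[1:]):
        if issuer != next_subj:
            problems.append(f"{subj!r} names issuer {issuer!r}, next is {next_subj!r}")
    leaf_subj, leaf_issuer = chain[0]
    if len(chain) == 1 and leaf_subj != leaf_issuer:
        problems.append(f"only the leaf was sent; intermediate {leaf_issuer!r} is missing")
    return problems
```

Chrome on Windows can hide this fault because the platform may fetch or reuse a cached intermediate, so checking what the server actually sends is more reliable than testing in one browser.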




Answer 2:


The answer above helped me a lot in finding a solution.

I installed the certificate using Certify: https://certify.webprofusion.com/ and it worked.

Regarding the outdated protocols ... Download IIS Crypto: https://www.nartac.com/Products/IISCrypto

Click on Best Practices (it will automatically select the recommended protocols and ciphers) and Apply. Then restart your server and everything is fixed.



Source: https://stackoverflow.com/questions/42611180/lets-encrypt-certificate-not-trusted-on-firefox
