A lot of people begin to use HTTPS to increase secret agreement, nevertheless classics regular meeting encounters such situation, the safe letter that the browser displays to the safe certificate of " this website has this website of problem " and " to issue already expired or return not become effective " , at the same time the address column of the browser also does not have green lock, the link pales, still delimit sprit red line, have letter of some of good SSL of website firm deploy even, play a window with respect to what clew expires, what reason is this? How should be solved? Teach everybody to platoon of one by one investigates a matter and solve this problem today!
One, above all, discharge the reason that fish hints SSL certificate expires or disables first
The reason that clew SSL certificate expires or disables:
1, website SSL certificate expired really. Website clew expires or disable, should check certificate to whether had expired for a short while. According to Https safety certificate signs and issue international standard, https safe certificate is issued cannot exceed 39 months. So, effect period reachs average SSL certificate two years only. Whether has certificate of the examination when enterprise or individual stationmaster otherwise expired.
2, mistake of computer system time. Next, check systematic time, if systematic time does not begin to come in Ssl certificate,end inside time, bring about a browser likely clew Ssl certificate already expired or not become effective.
3, outside join website certificate expires. Before two methods are insoluble, whether does certificate of website of the join outside detecting then expire. The site cites other deploy of Https safe certificate outside catenary, if this outside the certificate of catenary expired to also can hint corresponding mistake. Can detect the terminal unit that the catenary outside going out has certificate mistake has: Mobile phone browser, PC carries IE6 (IE6 above do not hint) .
4, certificate was not installed correctly. Also can be hinted by the browser when visitting a website risk, http resource exists in Https page for instance call, the browser of version of Ie kernel part can hint this page is put in insecure element. (Red fox and cereal song also have the safe clew that belongs to his)
5, use sign SSL letter oneself. Signing SSL certificate just as its name implies oneself is individual or the certificate that the organization signs and issue by oneself, have very big safe risk, be atttacked more easily, won't be trusted by the browser.
6, use versatility not the certificate of beautiful. Same, the versatility that uses small-sized service business to sign and issue not beautiful SSL certificate also is be not trusted by browser place.
2, after the platoon is checked, solve the problem that clew SSL certificate expires or disables:
The means of settlement that clew SSL certificate expires or disables:
1, website SSL certificate expires: Add visa book perhaps buys certificate afresh.
2, mistake of computer system time: Adjust the time of computer system to Https safety in certificate period of efficacy can.
3, outside join website certificate expires: Website of the catenary outside the catenary outside needing cancel or connection changes also or it is certificate of add cost Ssl.
4, certificate did not install correctly: Reinstall certificate, or assistance of connection customer service installs certificate.
5, use sign SSL letter oneself: From visa book safety the risk is compared big, because this suggests to use the browser letter that the CA orgnaization that gets credit issues, be like: Number of GlobalSign, GeoTrust, Symantec, GDCA installs a times to wait. ?
6, use versatility not the certificate of beautiful: Because certificate trusts the top layer of catenary is CA orgnaization, and the public letter power that these small service business lack CA orgnaization, do not get browser credit. So the proposal chooses to pass the attestation of international Webtrust standard, had international electron attestation to serve the CA orgnaization of ability.
Overdue reason nothing more than it is these a few kinds, if the issue that cannot resolve can seek advice from professional personage, exactly the amount installs times GDCA, provide 7*24 hour service, hour is online, solve a problem quickly, always choose to count the website user that brings letter of times GDCA SSL, number installs times GDCA to be able to be offerred free support of man-to-man deploy of Ssl certificate technology, if need connects customer service to government-owned net, solve a problem at any time.
Textual link: Https://www.trustauth.cn/news/security-news/26595.html
