安卓手機上微信無法打開Https網址的完美解決方案


1,第三方網站檢測網站的SSL證書是否正確的安裝

https://www.geocerts.com/ssl-checker ,大概率你會看到下邊的場景,一個證書鏈完整的警告,如果想知道我的基礎配置是什么,請看 申請 Let’s Encrypt 泛域名證書 及 Nginx/Apache 證書配置

2,我的網站是Apache提供服務的,就要考慮增加配置

我的配置文件是httpd-ssl.conf。其他平台均正常,安卓微信無法打開的配置如下:

#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"

Let`s Encrypt生成證書如下:

完美的解決方案其實不止一種,共八種,如下:

方案一:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
 

方案二:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
 

方案三:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案四:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

方案五:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案六:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

方案七:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案八:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

 

以上八種方案產生原理是只要增加配置Server Certificate Chain和Certificate Authority (CA)任一均可,同時配置也可;證書可用的是chain.pem和fullchain.pem;

增加配置完成之后,重啟Apache服務器,再次檢測網站的證書配置https://www.geocerts.com/ssl-checker,此時你看到如下圖所示:

此時證書鏈完整,安卓手機上的微信也可以打開https的網址啦!覺得有用的,可以關注我,給我點贊。我會努力寫出更多有價值的博文的。

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM