SSL 和 .htaccess 强制使用 https

发布于 2024-12-25 01:25:27 字数 527 浏览 3 评论 0 原文

我以前从未这样做过

这是我当前的 .htaccess 文件，我希望它告诉浏览器切换到 HTTPS。

AddHandler php5-script .php

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ index.php?r=$1 [L,QSA]

网站 JacoInc.com 有 SSL，但是 Chrome 给出了这样的消息：

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

我不知道为什么会出现这种情况。是因为 MediaTemple 还是我正在做的事情？

原文

I have never done this before

This is my current .htaccess file, I want it to tell the browser to switch to HTTPS.

AddHandler php5-script .php

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ index.php?r=$1 [L,QSA]

The website JacoInc.com has a SSL however Chrome gives this message:

The identity of this website has not been verified.
 • Server's certificate does not match the URL.

I don't know why this comes up. Is it because of MediaTemple or something that I'm doing?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

风为裳 2025-01-01 01:25:27

这不是一个编程问题（不适用于 StackOverflow），线索就在错误消息中。

您链接到的站点的证书具有以下主题备用名称：

DNS Name: *.gridserver.com
DNS Name: gridserver.com

因此，它仅对这些名称有效（请参阅 RFC 6125 和 RFC 2818）：

如果存在 dNSName 类型的 subjectAltName 扩展，则必须
被用作身份。否则，（最具体的）通用名称
必须使用证书的主题字段中的字段。虽然
使用通用名称是现有做法，已被弃用并且
鼓励证书颁发机构改用 dNSName。

使用指定的匹配规则进行匹配
[RFC2459]。如果给定类型的多个标识存在于
证书（例如，多个 dnsName 名称、任何一个中的匹配项）
该集合被认为是可接受的。）名称可以包含通配符
字符 * 被认为匹配任何单个域名
组件或组件片段。例如，.a.com 与 foo.a.com 匹配，但是
不是 bar.foo.a.com。 f.com 与 foo.com 匹配，但与 bar.com 不匹配。

这与.htaccess无关。

顺便说一句，通过重写规则从 http:// 到 https:// 的重定向仅在 http:// 请求完成后才会发生。被做了。确保您在使用后一直停留在 https:// 上，不要依赖此将所有链接自动转换为 https://。

This is not a programming question (not for StackOverflow), and the clue is in the error message.

The certificate for the site you're linking to has the following Subject Alternative Names:

DNS Name: *.gridserver.com
DNS Name: gridserver.com

Therefore, it's only valid for these names (see RFC 6125 and RFC 2818):

If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.

Matching is performed using the matching rules specified by
[RFC2459]. If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., .a.com matches foo.a.com but
not bar.foo.a.com. f.com matches foo.com but not bar.com.

This has nothing to do with .htaccess.

As a side note, redirections via rewrite rules from http:// to https:// only happen after the http:// request has been made. Make sure you stay on https:// once you're on it, don't rely on this for all your links to be turned to https:// automatically.