连接错误,不安全 并不是hsts的锅 chrome://net-internals/#hsts, 大部分原因还是证书的问题
NET::ERR_CERT_COMMON_NAME_INVALID
证书域名和实际访问的域名要匹配:SAN
证书中增加SAN域名
open ssl
openssl genrsa -out server.key 1024
openssl req -new -x509 -days 3650 -key server.key -out server.crt -subj "/C=CN/ST=mykey/L=mykey/O=mykey/OU=mykey/CN=*.alibaba-inc.com/CN=*.alibaba.net/CN=domain3"
区分证书中的cn san
sudo vim /etc/pki/tls/openssl.cnf
nginx配置
# HTTPS server
server {
listen 443 ssl;
server_name xxxx.alibaba.net;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
location ~ / {
proxy_pass http://127.0.0.1:7001;
}
location = /nginx_status {
return 200;
}
}
结果
在chrome中的正确示例