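Configuring an HTTPS certificate on Alibaba Cloud CDN
2017-08-17
After configuring the SSL certificate on the CDN, testing with openssl s_client -connect ns:443 kept returning *.ucdl.pp.uc.cn.
1. Reconfigure the certificate. Note that the CA certificate must be listed below the SSL certificate; if the order is reversed, you get an error saying the certificate and private key do not match.
For example, with lines 64 characters wide: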
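2. The CA certificate I received was not wrapped at 64 characters per line, so it has to be converted to 64 characters per line with the command below.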
openssl x509 -inform PEM -in ca2.pem -text|more
As received, 76 characters wide:
Resubmit.
3. Test again:
openssl s_client -connect ns:443
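The rewrap in step 2 can also be done without OpenSSL. The script below is an added example, not part of the original post: it rewraps every PEM block in a bundle to 64-character lines while keeping the blocks in their original order (certificate first, CA second). The function names and the filler sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Rewrap every PEM block of a bundle to 64-character body lines.
# Text outside BEGIN/END markers (e.g. the dump printed by `openssl x509 -text`)
# is dropped; block order is preserved, so a leaf-then-CA bundle stays that way.
pem_rewrap() {
    awk '
    function flush(   i) {
        for (i = 1; i <= length(body); i += 64) print substr(body, i, 64)
    }
    { sub(/\r$/, "") }                          # tolerate CRLF files
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        if (inblock) { bad = 1; exit }          # BEGIN inside an open block
        inblock = 1; body = ""; print; next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        if (!inblock) { bad = 1; exit }         # END without BEGIN
        flush(); print; inblock = 0; blocks++; next
    }
    inblock {
        gsub(/[ \t]/, "")                       # stray spaces from copy/paste
        if ($0 !~ "^[A-Za-z0-9+/=]*$") { bad = 1; exit }
        body = body $0
    }
    END { if (bad || inblock || blocks == 0) exit 1 }
    ' "$@"
}

# Longest body line in a bundle (marker lines are ignored).
pem_max_width() {
    awk '!/^-----/ { sub(/\r$/, ""); if (length($0) > m) m = length($0) }
         END { print m + 0 }' "$@"
}

# Constructed sample: two blocks wrapped at 76 columns. The payload is
# filler base64, not a real certificate.
make_sample() {
    awk 'BEGIN {
        for (i = 0; i < 19; i++) l = l "QUJD"   # 19 * 4 = 76 characters
        for (b = 0; b < 2; b++) {
            print "-----BEGIN CERTIFICATE-----"
            print l; print l; print "QUJDRA=="
            print "-----END CERTIFICATE-----"
        }
    }'
}

echo "widest line before: $(make_sample | pem_max_width)," \
     "after: $(make_sample | pem_rewrap | pem_max_width)"
```

A non-zero exit status from pem_rewrap means the input had an unterminated block, an END without a BEGIN, or non-base64 characters in a body, so the output should not be uploaded.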