Some browsers may complain(抱怨) about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present(出现) in the certificate base of well-known trusted(信任) certificate authorities which is distributed(发布) with a particular browser. In this case the authority provides a bundle of(一束) chained certificates which should be concatenated(连接) to the signed server certificate. The server certificate must appear before the chained certificates in the combined file:
解释:
某些浏览器有时可能会抱怨知名证书颁发机构签名的证书,但是另一些浏览器可能会接受改证书而不会产生任何问题。产生该问题的原因就是证书颁发机构采用了“中间证书”来
作为
服务器认证,但是该中间证书却没有包含在知名证书颁发机构对特定浏览器颁发的可信任基证书库中。解决方案就是权威证书颁发机构提供一系列的“chained certificates”,
这些链证书被链接用于签名服务器认证。在同一个证书文件中 “服务器证书” 必须出现在 “chained certificates”的前面。
参考:http://lukejin.iteye.com/blog/587200
生产实际使用: