主頁 > 軟體設計 > SSL適用于Chrome和Edge,但不適用于Firefox

SSL適用于Chrome和Edge,但不適用于Firefox

2022-09-14 03:18:42 軟體設計

我有一個網站(SSL 適用于 Chrome 和 Edge,但不適用于 Firefox

我激活了ssl-debug,這是輸出(我更改了域名):

[root@rm-2 130 rm2.johndoe.de /usr/local/share/apache-tomcat-8.5.50/logs]# tail -f catalina.out
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.639 CEST|HandshakeContext.java:305|No available cipher suite for TLS10
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.640 CEST|HandshakeContext.java:305|No available cipher suite for TLS13
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.642 CEST|HandshakeContext.java:305|No available cipher suite for TLS11
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.646 CEST|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"unknown extension (34)": {
  0000: 00 08 04 03 05 03 06 03   02 03                    ..........
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.647 CEST|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"unknown extension (28)": {
  0000: 40 01                                              @.
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.647 CEST|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"unknown extension (65,037)": {
  0000: 00 00 01 00 01 73 00 20   7E E0 E2 0A 3D 5F C1 07  .....s. ....=_..
             (cut)
  0130: F7 F2 23 E4 18 05 62 88   C5                       ..#...b..
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.657 CEST|ClientHello.java:808|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "D2 14 7F AA BE 53 DC 45 28 1E F1 DE CE 5C 47 E9 74 AA B6 4D 71 77 05 90 D6 E5 15 E3 47 09 D1 4C",
  "session id"          : "2C 40 BF 69 27 7A 56 9B C3 E1 D2 B0 7E DA 21 0A 7E 28 DE 2B 9C 13 18 A8 7E 63 78 5B A2 AB 7C C8",
  "cipher suites"       : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_12                                                                                                                                                                8_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1                                                                                                                                                                305_SHA256(0xCCA8), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC0                                                                                                                                                                0A), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_1                                                                                                                                                                28_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.johndoe.de
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "session_ticket (35)": {
      <empty>
    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "unknown extension (34)": {
      0000: 00 08 04 03 05 03 06 03   02 03                    ..........
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: 34 E2 D6 33 A8 F1 32 BD   77 B3 17 9C DC DB C4 40  4..3..2.w......@
            0010: EC 49 D3 05 93 5A 6D 5A   CA A1 96 2B 45 C2 C6 08  .I...ZmZ... E...
          }
        },
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 BB 10 DA E8 84 94 DC   5A 20 EC 1B 99 40 68 85  ........Z ...@h.
            0010: C2 1E 82 AA E5 F7 C0 9A   8A 98 9C 6E 30 CF 87 34  ...........n0..4
            0020: 35 C7 12 B8 DB 43 BB 4E   64 28 83 9B 95 6E 76 31  5....C.Nd(...nv1
            0030: EE AA 71 77 7F 58 B5 96   7C 14 75 B4 83 C5 95 42  ..qw.X....u....B
            0040: F3
          }
        },
      ]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sh                                                                                                                                                                a512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "unknown extension (28)": {
      0000: 40 01                                              @.
    },
    "unknown extension (65,037)": {
      0000: 00 00 01 00 01 73 00 20   7E E0 E2 0A 3D 5F C1 07  .....s. ....=_..
             (cut)
      0130: F7 F2 23 E4 18 05 62 88   C5                       ..#...b..
    }
  ]
}
)
  (I cut the dates here)
  58 CEST|SSLExtensions.java:192|Consumed extension: supported_versions
  58 CEST|ClientHello.java:838|Negotiated protocol version: TLSv1.2
  58 CEST|SessionTicketExtension.java:457|Client accepts session tickets.
  58 CEST|SSLExtensions.java:192|Consumed extension: session_ticket
  61 CEST|ClientHello.java:1069|Session not resumed.
  61 CEST|ServerNameExtension.java:329|no server name matchers, ignore server name indic                                                                                                                                                                ation
  61 CEST|SSLExtensions.java:192|Consumed extension: server_name
  61 CEST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
  61 CEST|SSLExtensions.java:192|Consumed extension: status_request
  61 CEST|SSLExtensions.java:192|Consumed extension: supported_groups
  61 CEST|SSLExtensions.java:192|Consumed extension: ec_point_formats
  62 CEST|SSLExtensions.java:192|Consumed extension: signature_algorithms
  62 CEST|SSLExtensions.java:173|Ignore unavailable extension: signature_algorithms_cert
  62 CEST|AlpnExtension.java:281|Ignore server unenabled extension: application_layer_pr                                                                                                                                                                otocol_negotiation
  62 CEST|SSLExtensions.java:192|Consumed extension: application_layer_protocol_negotiat                                                                                                                                                                ion
  62 CEST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
  62 CEST|SSLExtensions.java:192|Consumed extension: extended_master_secret
  62 CEST|SSLExtensions.java:192|Consumed extension: supported_versions
  62 CEST|SSLExtensions.java:163|Ignore unsupported extension: cookie
  62 CEST|SSLExtensions.java:163|Ignore unsupported extension: psk_key_exchange_modes
  62 CEST|SSLExtensions.java:163|Ignore unsupported extension: certificate_authorities
  62 CEST|SSLExtensions.java:163|Ignore unsupported extension: key_share
  62 CEST|SSLExtensions.java:192|Consumed extension: renegotiation_info
  62 CEST|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key
  64 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
  64 CEST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
  66 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: status_reques                                                                                                                                                                t
  66 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_gro                                                                                                                                                                ups
  66 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_form                                                                                                                                                                ats
  68 CEST|SSLExtensions.java:224|Populated with extension: signature_algorithms
  68 CEST|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
  68 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: application_l                                                                                                                                                                ayer_protocol_negotiation
  68 CEST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
  68 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_mast                                                                                                                                                                er_secret
  68 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: session_ticke                                                                                                                                                                t
  68 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_ver                                                                                                                                                                sions
  68 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation                                                                                                                                                                _info
  76 CEST|ServerHello.java:450|use cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  77 CEST|StatusResponseManager.java:763|Staping disabled or is a resumed session
     CEST|ServerNameExtension.java:454|No expected server name indication response
  77 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
     CEST|MaxFragExtension.java:292|Ignore unavailable max_fragment_length extension
  77 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_len                                                                                                                                                                gth
  77 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: status_request
  77 CEST|SSLExtensions.java:246|Ignore, no extension producer defined: ec_point_forma                                                                                                                                                                ts
  77 CEST|AlpnExtension.java:364|Ignore unavailable extension: application_layer_protoco                                                                                                                                                                l_negotiation
  77 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: application_laye                                                                                                                                                                r_protocol_negotiation
  77 CEST|SSLExtensions.java:260|Ignore, context unavailable extension: status_request_v                                                                                                                                                                2
  77 CEST|ServerHello.java:375|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "5F 2C A6 44 25 82 05 4C 46 4A 6D F8 1C 53 E6 93 7A E9 8C F9 AB 30 43 72 4B 7B 7D 2C 4B 91 96 B1",
  "session id"          : "69 E5 26 55 D8 FE 83 ED 42 EB 24 C9 8C CC 50 C2 0A 5A 0D EB 8E BC CA C3 E0 EE 72 2E 78 19 D3 34",
  "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
  "compression methods" : "00",
  "extensions"          : [
    "extended_master_secret (23)": {
      <empty>
    },
    "session_ticket (35)": {
      <empty>
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    }
  ]
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.680 CEST|CertificateMessage.java:271|Produced server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "04 9B FE B0 17 03 95 B8 8F 89 AA 2B AD 04 25 EE 03 22",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=R3, O=Let's Encrypt, C=US",
    "not before"         : "2022-08-05 11:32:31.000 CEST",
    "not  after"         : "2022-11-03 10:32:30.000 CET",
    "subject"            : "CN=www.johndoe.de",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
      },
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: ocsp
           accessLocation: URIName: http://r3.o.lencr.org
        ,
           accessMethod: caIssuers
           accessLocation: URIName: http://r3.i.lencr.org/
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 14 2E B3 17 B7 58 56 CB   AE 50 09 40 E6 1F AF 9D  .....XV..P.@....
        0010: 8B 14 C2 C6                                        ....
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.23.140.1.2.1]
        []  ]
          [CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 1A 68 74 74 70 3A 2F   2F 63 70 73 2E 6C 65 74  ..http://cps.let
        0010: 73 65 6E 63 72 79 70 74   2E 6F 72 67              sencrypt.org

        ]]  ]
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: 1.de
          DNSName: 2.de
          DNSName: 3.de
          DNSName: 4.de
          DNSName: 5.de
          DNSName: 6.de
          DNSName: 7.de
          DNSName: 8.de
          DNSName: 9.de
          DNSName: 10.de
          DNSName: 11.de
          DNSName: www.1.de
          DNSName: www.2.de
          DNSName: www.3.de
          DNSName: www.4.de
          DNSName: www.5.de
          DNSName: www.6.de
          DNSName: www.7.de
          DNSName: www.8.de
          DNSName: www.9.de
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 79 4B FF A1 9A F9 0D 05   F0 06 E2 15 99 93 36 AA  yK............6.
        0010: 86 E9 14 38                                        ...8
        ]
        ]
      }
    ]},
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "00 91 2B 08 4A CF 0C 18 A7 53 F6 D6 2E 25 A7 5F 5A",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=ISRG Root X1, O=Internet Security Research Group, C=US",
    "not before"         : "2020-09-04 02:00:00.000 CEST",
    "not  after"         : "2025-09-15 18:00:00.000 CEST",
    "subject"            : "CN=R3, O=Let's Encrypt, C=US",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: caIssuers
           accessLocation: URIName: http://x1.i.lencr.org/
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: 79 B4 59 E6 7B B6 E5 E4   01 73 80 08 88 C8 1A 58  y.Y......s.....X
        0010: F6 E9 9B 6E                                        ...n
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:0
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://x1.c.lencr.org/]
        ]]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.23.140.1.2.1]
        []  ]
          [CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
        []  ]
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          clientAuth
          serverAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_CertSign
          Crl_Sign
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 14 2E B3 17 B7 58 56 CB   AE 50 09 40 E6 1F AF 9D  .....XV..P.@....
        0010: 8B 14 C2 C6                                        ....
        ]
        ]
      }
    ]},
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "40 01 77 21 37 D4 E9 42 B8 EE 76 AA 3C 64 0A B7",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
    "not before"         : "2021-01-20 20:14:03.000 CET",
    "not  after"         : "2024-09-30 20:14:03.000 CEST",
    "subject"            : "CN=ISRG Root X1, O=Internet Security Research Group, C=US",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: caIssuers
           accessLocation: URIName: http://apps.identrust.com/roots/dstrootcax3.p7c
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: C4 A7 B1 A4 7B 2C 71 FA   DB E1 4B 90 75 FF C4 15  .....,q...K.u...
        0010: 60 85 89 10                                        `...
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://crl.identrust.com/DSTROOTCAX3CRL.crl]
        ]]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.23.140.1.2.1]
        []  ]
          [CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 22 68 74 74 70 3A 2F   2F 63 70 73 2E 72 6F 6F  ."http://cps.roo
        0010: 74 2D 78 31 2E 6C 65 74   73 65 6E 63 72 79 70 74  t-x1.letsencrypt
        0020: 2E 6F 72 67                                        .org

        ]]  ]
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          Key_CertSign
          Crl_Sign
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 79 B4 59 E6 7B B6 E5 E4   01 73 80 08 88 C8 1A 58  y.Y......s.....X
        0010: F6 E9 9B 6E                                        ...n
        ]
        ]
      }
    ]}
]
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.698 CEST|ECDHServerKeyExchange.java:478|Produced ECDH ServerKeyExchange handshake messa                                                                                                                                                                ge (
"ECDH ServerKeyExchange": {
  "parameters": {
    "named group": "x25519"
    "ecdh public": {
      0000: 55 2B 68 13 54 7F C8 A8   68 9A 11 D9 5A 07 98 1C  U h.T...h...Z...
      0010: D7 33 A1 94 C5 8D A6 D4   97 42 CB E3 E4 C2 71 6D  .3.......B....qm
    },
  },
  "digital signature":  {
    "signature algorithm": "rsa_pss_rsae_sha256"
    "signature": {
      0000: 5F 8E 31 E3 AE 4A 48 55   F6 15 39 64 CC 52 DA DE  _.1..JHU..9d.R..
             (cut)
      00F0: C6 64 E4 BC 59 99 A4 A1   F3 0A 0D B9 4A C3 45 72  .d..Y.......J.Er
    },
  }
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.707 CEST|CertificateRequest.java:618|Produced CertificateRequest handshake message (
"CertificateRequest": {
  "certificate types": [ecdsa_sign, rsa_sign, dss_sign]
  "supported signature algorithms": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_ps                                                                                                                                                                s_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rs                                                                                                                                                                a_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
  "certificate authorities": [CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, CN=admin, OU="[Committer                                                                                                                                                                , Admins, Developer, Architect, Wiki editor]", O="[johndoe.de]", C=EN, CN=1.com, OU=Access, O=www.johndoe.de, C=DE, CN=SSL.com DV CA                                                                                                                                                                , OU=www.ssl.com, O=SSL.com, C=US, CN=root, OU="[Committer, Developer, Architect]", O="[johndoe.de]", C=EN]
}
)
javax.net.ssl|DEBUG|14|https-jsse-nio2-443-exec-6|2022-08-29 23:07:02.707 CEST|ServerHelloDone.java:97|Produced ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|15|https-jsse-nio2-443-exec-7|2022-08-29 23:07:02.743 CEST|CertificateMessage.java:372|Consuming client Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "1E 30 B0 3C",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=johndoe.com, OU=Access, O=www.johndoe.com, C=DE",
    "not before"         : "2000-11-10 24:00:00.000 CET",
    "not  after"         : "2100-11-10 24:00:00.000 CET",
    "subject"            : "CN=root, OU=[], O=[], C=",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 2.5.29.37 Criticality=true
        ExtendedKeyUsages [
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: C7 B9 03 C1 93 32 B4 A0   7B 53 B8 E1 03 E4 4B 37  .....2...S....K7
        0010: 20 FA 9E DF                                         ...
        ]
        ]
      }
    ]}
]
)
javax.net.ssl|ERROR|15|https-jsse-nio2-443-exec-7|2022-08-29 23:07:02.746 CEST|TransportContext.java:361|Fatal (CERTIFICATE_UNKNOWN): PKIX path validation fa                                                                                                                                                                iled: java.security.cert.CertPathValidatorException: signature check failed (
"throwable" : {
  sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:369)
        at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:275)
        at java.base/sun.security.validator.Validator.validate(Validator.java:264)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)

  Caused by: java.security.cert.CertPathValidatorException: signature check failed
        at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
        ... 29 more
  Caused by: java.security.SignatureException: Signature does not match.
        at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:412)
        at java.base/sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
        ... 34 more}

)
javax.net.ssl|WARNING|15|https-jsse-nio2-443-exec-7|2022-08-29 23:07:02.746 CEST|SSLEngineOutputRecord.java:173|outbound has closed, ignore outbound applicat                                                                                                                                                                ion data

有趣的是:在隱身標簽中,它就像一個魅力!

這是我的服務器配置:SSL 適用于 Chrome 和 Edge,但不適用于 Firefox

轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/506927.html

標籤:ssl 火狐 ssl 证书 tomcat8

上一篇:使用Selenium的Firefox中的身份驗證彈出問題

下一篇:Firefox,xPath未評估

標籤雲
其他(157675) Python(38076) JavaScript(25376) Java(17977) C(15215) 區塊鏈(8255) C#(7972) AI(7469) 爪哇(7425) MySQL(7132) html(6777) 基礎類(6313) sql(6102) 熊猫(6058) PHP(5869) 数组(5741) R(5409) Linux(5327) 反应(5209) 腳本語言(PerlPython)(5129) 非技術區(4971) Android(4554) 数据框(4311) css(4259) 节点.js(4032) C語言(3288) json(3245) 列表(3129) 扑(3119) C++語言(3117) 安卓(2998) 打字稿(2995) VBA(2789) Java相關(2746) 疑難問題(2699) 细绳(2522) 單片機工控(2479) iOS(2429) ASP.NET(2402) MongoDB(2323) 麻木的(2285) 正则表达式(2254) 字典(2211) 循环(2198) 迅速(2185) 擅长(2169) 镖(2155) 功能(1967) .NET技术(1958) Web開發(1951) python-3.x(1918) HtmlCss(1915) 弹簧靴(1913) C++(1909) xml(1889) PostgreSQL(1872) .NETCore(1853) 谷歌表格(1846) Unity3D(1843) for循环(1842)

熱門瀏覽
  • 面試突擊第一季,第二季,第三季

    第一季必考 https://www.bilibili.com/video/BV1FE411y79Y?from=search&seid=15921726601957489746 第二季分布式 https://www.bilibili.com/video/BV13f4y127ee/?spm_id_fro ......

    uj5u.com 2020-09-10 05:35:24 more
  • 第三單元作業總結

    1.前言 這應該是本學期最后一次寫作業總結了吧。總體來說,對作業的節奏也差不多掌握了,作業做起來的效率也更高了。雖然和之前的作業一樣,作業中都要用到新的知識,但是相比之前,更加懂得了如何利用工具以及資料。雖然之間卡過殼,但總體而言,這幾次作業還算完成的比較好。 2.作業程序總結 相比前兩個單元,此單 ......

    uj5u.com 2020-09-10 05:35:41 more
  • 北航OO(2020)第四單元博客作業暨課程總結博客

    北航OO(2020)第四單元博客作業暨課程總結博客 本單元作業的架構設計 在本單元中,由于UML圖具有比較清晰的樹形結構,因此我對其中需要進行查詢操作的元素進行了包裝,在樹的父節點中存盤所有孩子的參考。考慮到性能問題,我采用了快取機制,一次查詢后盡可能快取已經遍歷過的資訊,以減少遍歷次數。 本單元我 ......

    uj5u.com 2020-09-10 05:35:48 more
  • BUAA_OO_第四單元

    一、UML決議器設計 ? 先看下題目:第四單元實作一個基于JDK 8帶有效性檢查的UML(Unified Modeling Language)類圖,順序圖,狀態圖分析器 MyUmlInteraction,實際上我們要建立一個有向圖模型,UML中的物件(元素)可能與同級元素連接,也可與低級元素相連形成 ......

    uj5u.com 2020-09-10 05:35:54 more
  • 6.1邏輯運算子

    邏輯運算子 1. && 短路與 運算式1 && 運算式2 01.運算式1為true并且運算式2也為true 整體回傳為true 02.運算式1為false,將不會執行運算式2 整體回傳為false 03.只要有一個運算式為false 整體回傳為false 2. || 短路或 運算式1 || 運算式2 ......

    uj5u.com 2020-09-10 05:35:56 more
  • BUAAOO 第四單元 & 課程總結

    1. 第四單元:StarUml檔案決議 本單元采用了圖模型決議UML。 UML檔案可以抽象為圖、子圖、邊的邏輯結構。 在實作中,圖的節點包括類、介面、屬性,子圖包括狀態圖、順序圖等。 采用了三次遍歷UML元素的方法建圖,第一遍遍歷建點,第二、三次遍歷設定屬性、連邊,實作圖物件的初始化。這里借鑒了一些 ......

    uj5u.com 2020-09-10 05:36:06 more
  • 談談我對C# 多型的理解

    面向物件三要素:封裝、繼承、多型。 封裝和繼承,這兩個比較好理解,但要理解多型的話,可就稍微有點難度了。今天,我們就來講講多型的理解。 我們應該經常會看到面試題目:請談談對多型的理解。 其實呢,多型非常簡單,就一句話:呼叫同一種方法產生了不同的結果。 具體實作方式有三種。 一、多載 多載很簡單。 p ......

    uj5u.com 2020-09-10 05:36:09 more
  • Python 資料驅動工具:DDT

    背景 python 的unittest 沒有自帶資料驅動功能。 所以如果使用unittest,同時又想使用資料驅動,那么就可以使用DDT來完成。 DDT是 “Data-Driven Tests”的縮寫。 資料:http://ddt.readthedocs.io/en/latest/ 使用方法 dd. ......

    uj5u.com 2020-09-10 05:36:13 more
  • Python里面的xlrd模塊詳解

    那我就一下面積個問題對xlrd模塊進行學習一下: 1.什么是xlrd模塊? 2.為什么使用xlrd模塊? 3.怎樣使用xlrd模塊? 1.什么是xlrd模塊? ?python操作excel主要用到xlrd和xlwt這兩個庫,即xlrd是讀excel,xlwt是寫excel的庫。 今天就先來說一下xl ......

    uj5u.com 2020-09-10 05:36:28 more
  • 當我們創建HashMap時,底層到底做了什么?

    jdk1.7中的底層實作程序(底層基于陣列+鏈表) 在我們new HashMap()時,底層創建了默認長度為16的一維陣列Entry[ ] table。當我們呼叫map.put(key1,value1)方法向HashMap里添加資料的時候: 首先,呼叫key1所在類的hashCode()計算key1 ......

    uj5u.com 2020-09-10 05:36:38 more
最新发布
  • 【中介者設計模式詳解】C/Java/JS/Go/Python/TS不同語言實作

    * 中介者模式是一種行為型設計模式,它可以用來減少類之間的直接依賴關系,
    * 將物件之間的通信封裝到一個中介者物件中,從而使得各個物件之間的關系更加松散。
    * 在中介者模式中,物件之間不再直接相互互動,而是通過中介者來中轉訊息。 ......

    uj5u.com 2023-04-20 08:20:47 more
  • 露天煤礦現場調研和交流案例分享

    他們集團的資訊化公司及研究院在一個礦區正在做智能礦山的統一平臺的 試點,專案投資大概1億,包括了礦山的各方面的內容,顯示得我們這次交流有點多余。他們2年前開始做智能礦山的規劃,有很多煤礦行業專家的加持,他們的描述是非常完美,但是去年底應該上線的平臺,現在還沒有看到影子。他們確實有很多場景需求,但是被... ......

    uj5u.com 2023-04-20 08:20:25 more
  • 《社區人員管理》實戰案例設計&個人案例分享

    設計是一個讓人夢想成真程序,開始編碼、測驗、除錯之前進行需求分析和架構設計,才能保證關鍵方面都做正確 ......

    uj5u.com 2023-04-20 08:20:17 more
  • 軟體架構生態化-多角色交付的探索實踐

    作為一個技術架構師,不僅僅要緊跟行業技術趨勢,還要結合研發團隊現狀及痛點,探索新的交付方案。在日常中,你是否遇到如下問題 “ 業務需求排期長研發是瓶頸;非研發角色感受不到研發技改提效的變化;引入ISV 團隊又擔心質量和安全,培訓周期長“等等,基于此我們探索了一種新的技術體系及交付方案來解決如上問題。 ......

    uj5u.com 2023-04-20 08:20:10 more
  • 【中介者設計模式詳解】C/Java/JS/Go/Python/TS不同語言實作

    * 中介者模式是一種行為型設計模式,它可以用來減少類之間的直接依賴關系,
    * 將物件之間的通信封裝到一個中介者物件中,從而使得各個物件之間的關系更加松散。
    * 在中介者模式中,物件之間不再直接相互互動,而是通過中介者來中轉訊息。 ......

    uj5u.com 2023-04-20 08:19:44 more
  • 露天煤礦現場調研和交流案例分享

    他們集團的資訊化公司及研究院在一個礦區正在做智能礦山的統一平臺的 試點,專案投資大概1億,包括了礦山的各方面的內容,顯示得我們這次交流有點多余。他們2年前開始做智能礦山的規劃,有很多煤礦行業專家的加持,他們的描述是非常完美,但是去年底應該上線的平臺,現在還沒有看到影子。他們確實有很多場景需求,但是被... ......

    uj5u.com 2023-04-20 08:19:07 more
  • 《社區人員管理》實戰案例設計&個人案例分享

    設計是一個讓人夢想成真程序,開始編碼、測驗、除錯之前進行需求分析和架構設計,才能保證關鍵方面都做正確 ......

    uj5u.com 2023-04-20 08:18:57 more
  • 軟體架構生態化-多角色交付的探索實踐

    作為一個技術架構師,不僅僅要緊跟行業技術趨勢,還要結合研發團隊現狀及痛點,探索新的交付方案。在日常中,你是否遇到如下問題 “ 業務需求排期長研發是瓶頸;非研發角色感受不到研發技改提效的變化;引入ISV 團隊又擔心質量和安全,培訓周期長“等等,基于此我們探索了一種新的技術體系及交付方案來解決如上問題。 ......

    uj5u.com 2023-04-20 08:18:49 more
  • 05單件模式

    #經典的單件模式 public class Singleton { private static Singleton uniqueInstance; //一個靜態變數持有Singleton類的唯一實體。 // 其他有用的實體變數寫在這里 //構造器宣告為私有,只有Singleton可以實體化這個類! ......

    uj5u.com 2023-04-19 08:42:51 more
  • 【架構與設計】常見微服務分層架構的區別和落地實踐

    軟體工程的方方面面都遵循一個最基本的道理:沒有銀彈,架構分層模型更是如此,每一種都有各自優缺點,所以請根據不同的業務場景,并遵循簡單、可演進這兩個重要的架構原則選擇合適的架構分層模型即可。 ......

    uj5u.com 2023-04-19 08:42:41 more