上一篇博客Citrix NetScaler VPX 导入SSL的方法内讲的导入ssl还有些问题。

在有些firefox版本还是会提示证书有安全问题,经查是由于交叉根证书没有安装造成,如下图:

而正确的应该是:

解决办法:

从SSL颁发机构拿到的中级证书文件内,其实是有两个证书的,如:

—–BEGIN CERTIFICATE—–
MIIFiDCCA3CgAwIBAgIEGZ34ijANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJD
TjEqMCgGA1UEChMhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNlcyBMaW1pdGVkMSow
KAYDVQQDEyFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBXb1NpZ24wHhcNMDkw
ODA4MDEwMDAxWhcNMjQwODA4MDEwMDAxWjBfMQswCQYDVQQGEwJDTjEqMCgGA1UE
ChMhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNlcyBMaW1pdGVkMSQwIgYDVQQDExtX
b1NpZ24gQ2xhc3MgMyBPViBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8ib5hUVPIK5Z1s1rTDjT+SsKfoxiDoqzjLl6TeQsTSV6Tso+E
EO2Rj4K6rWffMxuuhPJVsFv0s5685gQPHe8EWqgL7BJtVhlkcEkPV5LzXyGmTbTS
lis8MrPvj1kLFLpuop5x2/KIPyg77M6+R6xFx4qe+mGTxUkXtka295kWjBxuMa5p
zu3GJJJwocuWw2wW0O7MT4Yzs0HmPT3bDowzdLvD/Aun/NFx4sEM1Pe6PoCQ1Ejr
ooNw2NswBymJ+YEhLP/rR/Z6bUOWZxc+8+JzUcd2HukcoOwRGrHPHi2cVe47xi2u
3GZlkaJmnKyC8aQXtddDg8OIoGTeynJF3Dj7AgMBAAGjggFEMIIBQDASBgNVHRMB
Af8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUYi6B2eNCeRSj
zdlUim743pWqj5gwHwYDVR0jBBgwFoAU4WbPDtHxs0u3BiAU/ocS1fb++z4wYwYI
KwYBBQUHAQEEVzBVMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC53b3NpZ24uY29t
L2NhMCwGCCsGAQUFBzAChiBodHRwOi8vYWlhLndvc2lnbi5jb20vd29zaWduLmNl
cjAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vY3Jscy53b3NpZ24uY29tL2NhLmNy
bDBFBgNVHSAEPjA8MDoGCysGAQQBgptRAQEAMCswKQYIKwYBBQUHAgEWHWh0dHA6
Ly93d3cud29zaWduLmNvbS9wb2xpY3kvMA0GCSqGSIb3DQEBBQUAA4ICAQBdfr2v
Ie51jqaou4Yx6k35v1U58k/IR3neB+F5RIAhwM62M0gsPnDngVRGu+2tLZ232NQ3
4rf9Y+enMgRSmPi5b5T8qgNFjOocYavoowmDqgWIQC5Dij8tGVpQZDltqsrWUv9T
9nmBfuSOYFC2Hvtfqpe+EOmjnJqIqIrOjK2HhTM8VhnJFIoMJwEKBLa/9s8MFsXP
CEy3uoQ5Gzn3G4UJAmGMV9G8BFJKJut3LHuKO7hH8JOa0f1fkZtzk5KbJf9mDeM6
AUb2W7/MyX0qpggIW+yn4bxwdp5lBH193+tTovc1kiGiGRn8+dDwsrqukAGL43SM
Bhow4b3Rd0Gf3Vg7RwvOSgo0Qb+8Syp2XqyBWf+xIrFRWuxhKalIfGE/0f3d5kmL
ZPatC275bojAb+8TS+NsRkPjvd8PETRDyhf+fRImBvfM7H4WXa7uGubYAgW9MMj5
3s42qdLeK1DSamwns6T4Pd8jXzc55kqSMYX7xefQGCtASOVh/sEzPgjlQCj7W97v
qwcUDz9RN2xS+10/up9hewtEf0VDL+IJdJ6UjfA0f4KgyHkydQWuh9R7YCDlEi5d
pWC6gp48yyHeDT3vqkkPyKumHgqg9+2CnSi0DWaR+6oiG3euNGalCfg3AmwAqWtg
yknVMe8Gtkap+uhGLKI7C9KSbprX6V7vfTsgVA==
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIGZjCCBE6gAwIBAgIBPTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMTEwMzAxMDEwMDAxWhcNMTYwMzAxMDEwMDAxWjBl
MQswCQYDVQQGEwJDTjEqMCgGA1UEChMhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNl
cyBMaW1pdGVkMSowKAYDVQQDEyFDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBvZiBX
b1NpZ24wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9yo2suJEVVpd7
a1x6wt5r2aGwwxAj+qehsswx+j7ZpilvFj3ga/i4QF/bOagAeougTVR9wiJ4/I4J
uKiF18yVl0t02J5+8ADkDomuSShEGhCZMg8liFOkDbMPEggWCwNxJxx/4dvS/Wdo
xAVdCg5dcNfYl6C8U0GakY30njZmen5WwZBf5rFoIDakjCQsLEcLWXZmMLW+3u2P
+J3TuwEw5vLzDuAskoDzhfkoirRULprt93b8FWgW60ps6y4Sj9TP/gzHXB0LfgUy
vl6wCSpC1clOkLNZDbt6fs3VCFq0f9gcaRH5Jw97Bq9Ugxh74d1UelFobnf8xr9S
SmZGobJnGrujT3egvl3//FYLQ3J3kMqe+fI59Q2p9OrX57MQLzBCNyHMMHDJhpgP
zFhNg7t95RqlN422rDKXADpjcSQenjfE/3TUN8Di/ohGYBHdCD9QNqu4eqSVYmpu
sMpqIVpp8/P7HXA5lfOnbqaBiaGIxTtxyqNS7oO7/aB39ORv50LbbUqZijRIvBfc
5IAIIrbyMcA/BD7rnyB51rgGZGQCMdepzVL7hEVpCQAq3FWLxAZGS8BKHQlbOSj9
qavOAPkuSEsm5jBMpVjKtESCT+eRHjPDsJP/EfyB0sofcSnddk+SJa8dgbcPL4zD
BswvJ6NK5A6ZunweRR9/qhlFlv38PQIDAQABo4IBBzCCAQMwEgYDVR0TAQH/BAgw
BgEB/wIBAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOFmzw7R8bNLtwYgFP6H
EtX2/vs+MB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7yMGkGCCsGAQUF
BwEBBF0wWzAnBggrBgEFBQcwAYYbaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL2Nh
MDAGCCsGAQUFBzAChiRodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5j
cnQwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2Zz
Y2EuY3JsMA0GCSqGSIb3DQEBBQUAA4ICAQA50MJWBW3EoTL4v8ZV4GpNgpndJ2ht
aRXc/37rUb22t6Y9hf+CFVxqC8EFa4pNGj66d3+T24YTu8rZHJ4gYDhGX5rJ+6wB
5FsYSN3gcKxdUbrpwn1zT8L/Orohmz7gpqNN+du0FSZTbBrArzGJCc788HLoii7A
iQf36IYcs7D/IsWmZCskTvbCscPUGCbyZkab8jiXWO6vBcu9QvLVc2J6C6ipPu50
JeeoWO9Z639I7RrdunvODAh7ILGIBN9/fvLtgVqjaBifznU4MCGVNF1k4J5SKlD3
OiVTb9o56PO3vm9dlhIbsfHA72MOtatknE4o1Ueh0uQDS//2ahRWGwmHxc4jleIl
cMRQZ8LkKaGMEH971ztew9P8caHRB9HiElp0bCzX8Q2HIerDy+BGkEErI+ACxCDZ
7472dsnmZw0cJ8rB6aU98RFM/IujUkTwkDmUbPBIL8HpVJJmu1c1Hy9iOVWq8JO7
I7G0aFGJgS0Pu+xgHN7Z3MnkbpGvnG2EXhoTSI3B29rSf4ByEeJaMuMWC3Nem4xU
R8O5z2yIpE7Cs/oe0xRdbVquf6Fwrcok1k+I4RQzRA6RC+AvVq60kobu5D7iZanC
LagrUUFhIw7R3GtPHE1X51OwXWqTxACiCRnu5iwe0W80w2wH3BKRs7+dJhU1JHs2
274jjFM+IWuF+A==
—–END CERTIFICATE—–

前一段是中级证书,后一段是交叉根证书。

中级证书前面已经link过了,把后一段的交叉根证书复制出来,导入到Citrix NetScaler VPX内,再在中级证书上link刚导入的交叉根证书就好了。

再检查,发现显示已经有交叉根证书了。

firefox也正常。