Trata-se dos https do provedor de serviços de pagamento que estamos usando. Nós notificá-los sobre o problema que faz com que alguns dispositivos Android para mostrar a mensagem de erro SSL quando o navegador é redirecionado para o endereço https. Mas eles não encontraram a solução e estou tentando encontrar uma dica para eles.
Na saída de openssl s_client -connect pep.shaparak.ir:443
, você pode ver que o item 1 e o item 2 são os mesmos. Se o servidor era o apache, acho que foi por causa do erro no conteúdo do arquivo referenciado em SSLCertificateChainFile
. Mas eu não sei o equivalente em IIS
.
CONNECTED(00000003)
depth=1 CN = T\C3CRKTRUST Elektronik Sunucu Sertifikas\C4\B1 Hizmetleri, C = TR, O = T\C3CRKTRUST Bilgi \C4\B0leti\C5Fim ve Bili\C5Fim G\C3\BCvenli\C4Fi Hizmetleri A.\C5E. (c) Kas\C4\B1m 2005
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=IR/ST=TEHRAN/L=TEHRAN/OU=IT DEPARTMENT/O=SHAPARAK ELECTRONIC CARD PAYMENT NETWORK CO. (PJS)/CN=pep.shaparak.ir
i:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
1 s:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
i:/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
2 s:/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
i:/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
---
Server certificate
-----BEGIN CERTIFICATE-----
((blah blah))
-----END CERTIFICATE-----
subject=/C=IR/ST=TEHRAN/L=TEHRAN/OU=IT DEPARTMENT/O=SHAPARAK ELECTRONIC CARD PAYMENT NETWORK CO. (PJS)/CN=pep.shaparak.ir
issuer=/CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri/C=TR/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
---
No client certificate CA names sent
---
SSL handshake has read 4518 bytes and written 634 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: FE169BDE3DEFEC4C332981D093AC4A1BAC2A2D0F88C99A7D60428073A6154554
Session-ID-ctx:
Master-Key: 7997043C235AC35382526AC89469E8896D0BCB61289A324520665B9B251462E560C26CC9A1372D887D5F9A1F20844F84
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
((blah blah))
Start Time: 1404818844
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
Obrigado!
Tags iis ssl-certificate