You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/16 08:45:20 UTC

[GitHub] [apisix] pingod opened a new issue #6629: help request: 泛域名证书问题

pingod opened a new issue #6629:
URL: https://github.com/apache/apisix/issues/6629


   ### Description
   
     问题/现象：
   无法正常访问https（已经配置对应域名的泛域名证书),游览器显示ERR_SSL_PROTOCOL_ERROR
   ![image](https://user-images.githubusercontent.com/358093/158551011-46c8e5c5-5a08-400e-9cfe-6ec68462e957.png)
   
   
   
     apisix pod日志信息：
   ![c306573ff582554a74e73b63b4f5284](https://user-images.githubusercontent.com/358093/158550578-73db451b-6299-4b2a-a23c-688f98cfc043.png)
     
   
     apisixroute 配置
   ![cb1a68987801c42a7f1c3157c1db113](https://user-images.githubusercontent.com/358093/158550520-f941e82e-a5f2-45d7-a458-8516733ff6e1.png)
   
     证书配置
     证书配置方法为，通过dashboard上传
   ![c31e14dc8b705dad6b6f8971ea331d1](https://user-images.githubusercontent.com/358093/158550822-a8b896a6-e27e-4ea3-8b99-4c4e9dc0671b.png)
   
   
   
   ### Environment
   
   - APISIX version (run `apisix version`):    2.12.1
   - APISIX Dashboard version, if relevant:   2.10.1
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] pingod closed issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

pingod closed issue #6629:
URL: https://github.com/apache/apisix/issues/6629


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] pingod commented on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

pingod commented on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1069169469


   Thanks for the reply, is there any consideration to support multi-level domain matching later? Or is there a compromise solution for this situation?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] pingod closed issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

pingod closed issue #6629:
URL: https://github.com/apache/apisix/issues/6629


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] pingod commented on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

pingod commented on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1072061120


   Thx  :)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] pingod commented on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

pingod commented on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1072061120


   Thx  :)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1068902056


   @pingod The wildcard domain only support one-level, so domain like "a.positecgroup.com" can be matched but "a.a.positecgroup.com" cannot.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1069791959


   @pingod 
   
   It's not a standard behavior to support the multiple level wildcard certificate, also some browsers support it.
   
   FYI:
   
   ```
   If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
   ```
   
   See https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain for details.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers edited a comment on issue #6629: help request: wildcard certificate

Posted by GitBox <gi...@apache.org>.

tokers edited a comment on issue #6629:
URL: https://github.com/apache/apisix/issues/6629#issuecomment-1069791959


   @pingod 
   
   It's not a standard behavior to support the multiple level wildcard certificate, also some browsers support it.
   
   FYI:
   
   > If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
   
   See https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain for details.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org