blocks|key|5384116|text|来自SSLabs的报告说：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5384117|++This+server's+certificate+chain+is+incomplete.+Grade+capped+to+B.
++....
++Chain+Issues++++++++++++++++++Incomplete|code-block|syntax|javascript|5384118|桌面浏览器通常缓存来自以前连接的链证书，或者从证书中指定的URL下载这些证书。移动浏览器和其他应用程序通常不这样做。|5384119|通过包含丢失的证书来修复您的链，一切都应该是正确的。|5384120|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|P|8|@]|9|@]|A|$]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

The report from SSLabs says:

<pre><code> This server's certificate chain is incomplete. Grade capped to B.
 ....
 Chain Issues Incomplete
</code></pre>

Desktop browsers often have chain certificates cached from previous connections or download them from the URL specified in the certificate. Mobile browsers and other applications usually don't.

Fix your chain by including the missing certificates and everything should be right.

blocks|key|1856445|text|我整个上午都在处理这件事。问题不在于我丢失了一张证书。那是因为我有一个额外的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1856446|我从我的ssl.conf开始，其中包含我的服务器密钥和我的SSL证书颁发机构提供的三个文件：|1856447|#+++Server+Certificate:
SSLCertificateFile+/etc/pki/tls/certs/myserver.cer

#+++Server+Private+Key:
SSLCertificateKeyFile+/etc/pki/tls/private/myserver.key

#+++Server+Certificate+Chain:
SSLCertificateChainFile+/etc/pki/tls/certs/AddTrustExternalCARoot.pem

#+++Certificate+Authority+(CA):
SSLCACertificateFile+/etc/pki/tls/certs/InCommonServerCA.pem|code-block|syntax|javascript|1856448|它在台式机上运行得很好，但安卓系统上的Chrome给我提供了err_cert_authority_invalid|offset|length|style|CODE|1856449|很多令人头疼的问题，搜索和糟糕的文档，后来我发现它是服务器证书链：|1856450|SSLCertificateChainFile+/etc/pki/tls/certs/AddTrustExternalCARoot.pem|1856451|这是在创建一个不完整的第二个证书链。我注释掉了这一行，只剩下|BOLD|1856452|#+++Server+Certificate:
SSLCertificateFile+/etc/pki/tls/certs/myserver.cer

#+++Server+Private+Key:
SSLCertificateKeyFile+/etc/pki/tls/private/myserver.key

#+++Certificate+Authority+(CA):
SSLCACertificateFile+/etc/pki/tls/certs/InCommonServerCA.pem|1856453|现在它又在Android上工作了。这是在运行Apache2.2的Linux上。|1856454|entityMap^0|0|0|0|U|Q|0|0|0|B|3|0|0|0^^$0|@$1|2|3|4|5|6|7|11|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|12|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|13|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|14|8|@$K|15|L|16|M|N]]|9|@]|A|$]]|$1|O|3|P|5|6|7|17|8|@]|9|@]|A|$]]|$1|Q|3|R|5|F|7|18|8|@]|9|@]|A|$G|H]]|$1|S|3|T|5|6|7|19|8|@$K|1A|L|1B|M|U]]|9|@]|A|$]]|$1|V|3|W|5|F|7|1C|8|@]|9|@]|A|$G|H]]|$1|X|3|Y|5|6|7|1D|8|@]|9|@]|A|$]]|$1|Z|3|-4|5|6|7|1E|8|@]|9|@]|A|$]]]|10|$]]

I just spent the morning dealing with this. The problem wasn't that I had a certificate missing. It was that I had an extra.

I started out with my ssl.conf containing my server key and three files provided by my SSL certificate authority:

<pre><code># Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

# Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

# Server Certificate Chain:
SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem

# Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem
</code></pre>

It worked fine on desktops, but Chrome on Android gave me <code>err_cert_authority_invalid</code>

A lot of headaches, searching and poor documentation later, I figured out that it was the Server Certificate Chain:

<pre><code>SSLCertificateChainFile /etc/pki/tls/certs/AddTrustExternalCARoot.pem
</code></pre>

That was creating a second certificate chain which was incomplete. I commented out that line, leaving me with

<pre><code># Server Certificate:
SSLCertificateFile /etc/pki/tls/certs/myserver.cer

# Server Private Key:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key

# Certificate Authority (CA):
SSLCACertificateFile /etc/pki/tls/certs/InCommonServerCA.pem
</code></pre>

and now it's working on Android again. This was on Linux running Apache 2.2.

blocks|key|3966463|text|我也有同样的问题，但Mike+A的回答帮助我解决了这个问题:我有一个我的证书，一个中间证书(Gandi)，另一个中间证书(UserTrustRSA)，最后是RootCA证书(AddTrust)。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|3966464|因此，首先我用SSLCertificateChainFile.指定了一个用Gandi%2BUserTrustRSA%2BAddTrust创建的链式文件但它并没有起作用。|3966465|因此，我尝试通过将MikeA证书放在一个文件中并使用SSLCACertificateFile指定它，然后删除SSLCertificateChainFile.But来尝试AddTruct回答，它不起作用。|3966466|最后，我创建了一个链式文件，它只包含由SSLCertificateChainFile指定的Gandi%2BUserTrustRSA，另一个文件仅包含由SSLCACertificateFile指定的RootCA，并且它可以工作。|3966467|#+++Server+Certificate:
SSLCertificateFile+/etc/ssl/apache/myserver.cer

#+++Server+Private+Key:
SSLCertificateKeyFile+/etc/ssl/apache/myserver.key

#+++Server+Certificate+Chain:
SSLCertificateChainFile+/etc/ssl/apache/Gandi%2BUserTrustRSA.pem

#+++Certificate+Authority+(CA):
SSLCACertificateFile+/etc/ssl/apache/AddTrust.pem|code-block|syntax|javascript|3966468|当你阅读时，这似乎是合乎逻辑的，但希望能有所帮助。|3966469|entityMap^0|A|6|0|7|N|0|Q|K|1I|N|0|J|N|21|K|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@$9|V|A|W|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|X|8|@$9|Y|A|Z|B|C]]|D|@]|E|$]]|$1|H|3|I|5|6|7|10|8|@$9|11|A|12|B|C]|$9|13|A|14|B|C]]|D|@]|E|$]]|$1|J|3|K|5|6|7|15|8|@$9|16|A|17|B|C]|$9|18|A|19|B|C]]|D|@]|E|$]]|$1|L|3|M|5|N|7|1A|8|@]|D|@]|E|$O|P]]|$1|Q|3|R|5|6|7|1B|8|@]|D|@]|E|$]]|$1|S|3|-4|5|6|7|1C|8|@]|D|@]|E|$]]]|T|$]]

I had the same probleme but the response made by Mike A helped me to figure it out:
I had a my certificate, an intermediate certificate (Gandi) , an other intermediate (UserTrustRSA) and finally the RootCA certificate (AddTrust).

So first i made a chain file with Gandi+UserTrustRSA+AddTrust and specified it with SSLCertificateChainFile. But it didn't worked.

So i tried MikeA answer by just putting AddTruct cert in a file and specified it with SSLCACertificateFile and removing SSLCertificateChainFile.But it didn't worked.

So finnaly i made a chain file with only Gandi+UserTrustRSA specified by SSLCertificateChainFile and the other file with only the RootCA specified by SSLCACertificateFile and it worked.

<pre><code># Server Certificate:
SSLCertificateFile /etc/ssl/apache/myserver.cer

# Server Private Key:
SSLCertificateKeyFile /etc/ssl/apache/myserver.key

# Server Certificate Chain:
SSLCertificateChainFile /etc/ssl/apache/Gandi+UserTrustRSA.pem

# Certificate Authority (CA):
SSLCACertificateFile /etc/ssl/apache/AddTrust.pem
</code></pre>

Seems logical when you read but hope it helps.

blocks|key|3966525|text|我还遇到了链的问题，并设法使用本指南https://gist.github.com/bradmontgomery/6487319解决了问题|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3966526|entityMap|0|LINK|mutability|MUTABLE|url|https://gist.github.com/bradmontgomery/6487319^0|I|1A|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

I also had a problem with the chain and managed to solve using this guide <a href="https://gist.github.com/bradmontgomery/6487319" rel="nofollow">https://gist.github.com/bradmontgomery/6487319</a>

blocks|key|1549841|text|我希望我不会太晚，这个解决方案在这里对我有效，我正在使用COMODO+SSL，随着时间的推移，上面的解决方案似乎无效，我的网站lifetanstic.co.ke|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1549842|您可以执行以下操作，而不是联系Comodo支持部门并获得CA包文件：|1549843|当你从Comodo+(通过邮寄)获得新的SSL证书时，他们会附上一个zip文件。您需要解压缩zip文件，并在记事本等文本编辑器中打开以下文件：|1549844|AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt|code-block|syntax|javascript|1549845|然后复制每个".crt“文件的文本，并将文本粘贴到”证书颁发机构捆绑包(可选)“字段中。|1549846|之后，只需像往常一样在“证书”字段中添加SSL证书，然后单击“通过证书自动填充”按钮并点击“安装”即可。|1549847|受此启发：https://gist.github.com/ipedrazas/6d6c31144636d586dcc3|offset|length|1549848|entityMap|0|LINK|mutability|MUTABLE|url|https://gist.github.com/ipedrazas/6d6c31144636d586dcc3^0|0|0|0|0|0|0|5|1I|0|0^^$0|@$1|2|3|4|5|6|7|10|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|11|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|12|8|@]|9|@]|A|$]]|$1|F|3|G|5|H|7|13|8|@]|9|@]|A|$I|J]]|$1|K|3|L|5|6|7|14|8|@]|9|@]|A|$]]|$1|M|3|N|5|6|7|15|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|16|8|@]|9|@$Q|17|R|18|1|19]]|A|$]]|$1|S|3|-4|5|6|7|1A|8|@]|9|@]|A|$]]]|T|$U|$5|V|W|X|A|$Y|Z]]]]

I hope i am not too late, this solution here worked for me, i am using COMODO SSL, the above solutions seem invalid over time, my website lifetanstic.co.ke

Instead of contacting Comodo Support and gain a CA bundle file You can do the following:

When You get your new SSL cert from Comodo (by mail) they have a zip file attached. You need to unzip the zip-file and open the following files in a text editor like notepad:

<pre><code>AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
</code></pre>

Then copy the text of each ".crt" file and paste the texts above eachother in the "Certificate Authority Bundle (optional)" field.

After that just add the SSL cert as usual in the "Certificate" field and click at "Autofil by Certificate" button and hit "Install".

Inspired by this gist: <a href="https://gist.github.com/ipedrazas/6d6c31144636d586dcc3" rel="noreferrer">https://gist.github.com/ipedrazas/6d6c31144636d586dcc3</a>

blocks|key|1545982|text|如果你像我一样使用亚马逊网络服务和CloudFront，这里是如何解决这个问题的。除了你不使用你的域的crt文件之外，它与其他人分享的文件类似，就是comodo给你发来的邮件。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1545983|cat+COMODORSADomainValidationSecureServerCA.crt+COMODORSAAddTrustCA.crt+AddTrustExternalCARoot.crt+>+ssl-bundle.crt|code-block|syntax|javascript|1545984|这对我很有效，我的网站不再在安卓的chrome上显示ssl警告。|1545985|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

if you're like me who is using AWS and CloudFront, here's how to solve the issue. it's similar to what others have shared except you don't use your domain's crt file, just what comodo emailed you.

<pre><code>cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt &gt; ssl-bundle.crt
</code></pre>

this worked for me and my site no longer displays the ssl warning on chrome in android.

blocks|key|3966593|text|只需对版本44.0.2403.155+dev-m执行以下操作|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3966594|隐私-->内容设置-->不允许任何网站运行JavaScript|3966595|问题已解决|3966596|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

Just do the following for Version 44.0.2403.155 dev-m

Privacy -->Content settings -->Do not allow any site to run JavaScript

Problem Solved

blocks|key|3966680|text|适用于那些在IIS服务器上遇到此问题的用户。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3966681|解释：有时证书会携带中间证书的URL，而不是实际的证书。桌面浏览器可以使用此URL+DOWNLOAD缺少的中间证书。但较老的移动浏览器无法做到这一点。所以他们抛出了这个警告。|offset|length|style|BOLD|3966682|你需要|3966683|1)确保所有中间证书都由服务器提供服务|3966684|2)禁用IIS中不需要的证书路径-在“受信任的根证书颁发机构”下，您需要对触发下载的证书“禁用所有用途”。|3966685|PS。我的同事写了一篇包含更详细步骤的博客文章：https://www.jitbit.com/maxblog/21-errcertauthorityinvalid-on-android-and-iis/|3966686|entityMap|0|LINK|mutability|MUTABLE|url|https://www.jitbit.com/maxblog/21-errcertauthorityinvalid-on-android-and-iis/^0|0|0|2|F|3|16|8|0|0|0|0|O|25|0|0^^$0|@$1|2|3|4|5|6|7|X|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Y|8|@$D|Z|E|10|F|G]|$D|11|E|12|F|G]|$D|13|E|14|F|G]]|9|@]|A|$]]|$1|H|3|I|5|6|7|15|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|16|8|@]|9|@]|A|$]]|$1|L|3|M|5|6|7|17|8|@]|9|@]|A|$]]|$1|N|3|O|5|6|7|18|8|@]|9|@$D|19|E|1A|1|1B]]|A|$]]|$1|P|3|-4|5|6|7|1C|8|@]|9|@]|A|$]]]|Q|$R|$5|S|T|U|A|$V|W]]]]

For those having this problem on IIS servers.

Explanation: sometimes certificates carry an URL of an intermediate certificate instead of the actual certificate. Desktop browsers can DOWNLOAD the missing intermediate certificate using this URL. But older mobile browsers are unable to do that. So they throw this warning.

You need to

1) make sure all intermediate certificates are served by the server

2) disable unneeded certification paths in IIS - Under "Trusted Root Certification Authorities", you need to "disable all purposes" for the certificate that triggers the download.

PS. my colleague has wrote a blog post with more detailed steps: <a href="https://www.jitbit.com/maxblog/21-errcertauthorityinvalid-on-android-and-iis/">https://www.jitbit.com/maxblog/21-errcertauthorityinvalid-on-android-and-iis/</a>

blocks|key|3966903|text|当我通过解析和使用NameCheap转售的Comodo+SSL证书托管网站时，也遇到了同样的问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3966904|您将在压缩文件夹中收到两个证书文件:+www_yourdomain_com.ca-bundle+www_yourdomain_com.crt|3966905|您只能上传一个文件到Parse：Parse+SSL+Cert+Input+Box|offset|length|3966906|在终端中使用以下命令合并这两个文件：|3966907|cat+www_yourdomain_com.crt+www_yourdomain_com.ca-bundle+>+www_yourdomain_com_combine.crt|code-block|syntax|javascript|3966908|然后上传到Parse。这应该可以解决Android+Chrome和Firefox浏览器的问题。您可以通过在https://www.sslchecker.com/sslchecker上测试它来验证它是否工作正常|3966909|entityMap|0|LINK|mutability|MUTABLE|url|http://i.stack.imgur.com/8iwRC.png|1|https://www.sslchecker.com/sslchecker^0|0|0|G|O|0|0|0|0|1H|11|1|0^^$0|@$1|2|3|4|5|6|7|10|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|11|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|12|8|@]|9|@$F|13|G|14|1|15]]|A|$]]|$1|H|3|I|5|6|7|16|8|@]|9|@]|A|$]]|$1|J|3|K|5|L|7|17|8|@]|9|@]|A|$M|N]]|$1|O|3|P|5|6|7|18|8|@]|9|@$F|19|G|1A|1|1B]]|A|$]]|$1|Q|3|-4|5|6|7|1C|8|@]|9|@]|A|$]]]|R|$S|$5|T|U|V|A|$W|X]]|Y|$5|T|U|V|A|$W|Z]]]]

I had this same problem while hosting a web site via Parse and using a Comodo SSL cert resold by NameCheap.

You will receive two cert files inside of a zip folder:
www_yourdomain_com.ca-bundle
www_yourdomain_com.crt

You can only upload one file to Parse:
<a href="http://i.stack.imgur.com/8iwRC.png">Parse SSL Cert Input Box</a>

In terminal combine the two files using:

<pre><code>cat www_yourdomain_com.crt www_yourdomain_com.ca-bundle &gt; www_yourdomain_com_combine.crt
</code></pre>

Then upload to Parse. This should fix the issue with Android Chrome and Firefox browsers. You can verify that it worked by testing it at <a href="https://www.sslchecker.com/sslchecker">https://www.sslchecker.com/sslchecker</a>

blocks|key|1856829|text|我用这个命令解决了我的问题：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1856830|cat+__mydomain_com.crt+__mydomain_com.ca-bundle+>+__mydomain_com_combine.crt|code-block|syntax|javascript|1856831|在此之后：|1856832|cat+__mydomain_com_combine.crt+COMODORSADomainValidationSecureServerCA.crt+
COMODORSAAddTrustCA.crt+AddTrustExternalCARoot.crt+>+mydomain.pem|1856833|在我的域名nginx+.conf中，我放在了服务器443上：|1856834|ssl_certificate++++++++++ssl/mydomain.pem;
ssl_certificate_key++++++ssl/mydomain.private.key;|1856835|我没忘了重启你的"Nginx“|1856836|service+nginx+restart|1856837|entityMap^0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|W|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|Y|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|O|3|P|5|6|7|10|8|@]|9|@]|A|$]]|$1|Q|3|R|5|D|7|11|8|@]|9|@]|A|$E|F]]|$1|S|3|-4|5|6|7|12|8|@]|9|@]|A|$]]]|T|$]]

I solved my problem with this commands:

<pre><code>cat __mydomain_com.crt __mydomain_com.ca-bundle &gt; __mydomain_com_combine.crt
</code></pre>

and after:

<pre><code>cat __mydomain_com_combine.crt COMODORSADomainValidationSecureServerCA.crt 
COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt &gt; mydomain.pem
</code></pre>

And in my domain nginx .conf I put on the server 443:

<pre><code>ssl_certificate ssl/mydomain.pem;
ssl_certificate_key ssl/mydomain.private.key;
</code></pre>

I don't forget restart your "Nginx"

<pre><code>service nginx restart
</code></pre>

blocks|key|5384570|text|我想你应该安装CA证书格式一，如果权威机构可以：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|5384571|ssl_trusted_certificate+ssl/SSL_CA_Bundle.pem；|5384572|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

I guess you should install CA certificate form one if authority canter:

ssl_trusted_certificate ssl/SSL_CA_Bundle.pem;

blocks|key|1550026|text|检查您的证书链中是否存在问题的一个好方法是使用此网站：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1550027|https://www.digicert.com/help/|offset|length|1550028|插入您的测试URL，它将告诉您可能出错的地方。我们的问题与您的症状相同，并且我们的问题被诊断为是由于中间证书造成的。|1550029|1550030|+SSL证书不受信任|blockquote|1550031|1550032|该证书不是由受信任的颁发机构签署的(对照Mozilla的根存储进行检查)。如果您从受信任的颁发机构购买了证书，则可能只需要安装一个或多个中间证书。请与您的证书提供商联系，以获得针对您的服务器平台执行此操作的帮助。|1550033|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|U|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|V|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|W|8|@]|9|@$D|X|E|Y|1|Z]]|A|$]]|$1|F|3|G|5|6|7|10|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|11|8|@]|9|@]|A|$]]|$1|I|3|J|5|K|7|12|8|@]|9|@]|A|$]]|$1|L|3|-4|5|6|7|13|8|@]|9|@]|A|$]]|$1|M|3|N|5|6|7|14|8|@]|9|@]|A|$]]|$1|O|3|-4|5|6|7|15|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|C]]]]

A decent way to check whether there is an issue in your certificate chain is to use this website:

<a href="https://www.digicert.com/help/" rel="nofollow">https://www.digicert.com/help/</a>

Plug in your test URL and it will tell you what may be wrong. We had an issue with the same symptom as you, and our issue was diagnosed as being due to intermediate certificates.

<blockquote>
 SSL Certificate is not trusted
 
 The certificate is not signed by a trusted authority (checking against
 Mozilla's root store). If you bought the certificate from a trusted
 authority, you probably just need to install one or more Intermediate
 certificates. Contact your certificate provider for assistance doing
 this for your server platform.
</blockquote>

Domain: <a href="https://www.amz2btc.com">https://www.amz2btc.com</a>

Analysis from SSL Labs: <a href="https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com">https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com</a>

All my desktop browsers open this fine. Mobile Firefox opens this fine. Only when I tried with mobile Chrome did I get the error: <code>err_cert_authority_invalid</code>

I know very little about SSL, so I can't really make sense of the SSL report or why this error is coming up. If someone could ELI5, that would be ideal. :)

SSL cert "err_cert_authority_invalid" on mobile chrome only

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

域名：来自SSL实验室的分析：我所有的桌面浏览器都能很好地打开。移动Firefox可以很好地打开它。只有当我尝试使用移动Chrome时，我才得到错误：err_cert_authority_invalid我对SSL知之甚少，所以我真的不能理解SSL报告的意义，也不明白为什么会出现这个错误。如果有人可以ELI5，那将是最理...

问SSL证书"err_cert_authority_invalid“仅适用于移动chrome
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SSL证书"err_cert_authority_invalid“仅适用于移动chromeEN