## TL;dr 您与此网站之间建立的连接不安全。 "Your connection is not private," "NET::ERR_CERT_COMMON_NAME_INVALID" 您的连接不是私密连接 攻击者可能会试图从 note.ziki.cn 窃取您的信息(例如:密码、通讯内容或信用卡信息)。 如果您看到一整页的错误消息,指出“您的连接不是私有的”,则表明站点,网络或您的设备存在问题。 此服务器无法证明它是note.ziki.cn;其安全证书来自blog.ziki.cn。出现此问题的原因可能是配置有误或您的连接被拦截了。 ```bash curl -v -i https://note.ziki.cn * About to connect() to note.ziki.cn port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=blog.ziki.cn * start date: Oct 16 05:17:14 2020 GMT * expire date: Jan 14 05:17:14 2021 GMT * common name: blog.ziki.cn * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US * NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN) * Unable to communicate securely with peer: requested domain name does not match the server's certificate. * Closing connection 0 curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate. ``` ```bash curl --insecure -v https://note.ziki.cn 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }' ``` ``` openssl s_client -showcerts -connect note.ziki.cn:443 -servername note.ziki.cn:443 /dev/null | openssl x509 -noout -text |grep DNS: ``` 您的连接不是私密连接 攻击者可能会试图从 192.168.9.119 窃取您的信息(例如:密码、通讯内容或信用卡信息)。了解详情 NET::ERR_CERT_AUTHORITY_INVALID ## ref * https://stackoverflow.com/questions/58802767/no-proceed-anyway-option-on-neterr-cert-invalid-in-chrome-on-macos * https://stackoverflow.com/questions/13127352/how-to-check-subject-alternative-names-for-a-ssl-tls-certificate * https://securitytrails.com/blog/extract-ssl-data