SSL cert issues with mobile devices

Igal @ Lucee.org igal at lucee.org
Mon Apr 6 19:23:50 UTC 2015


I have an issue with my SSL certificate on some mobile devices, e.g.
Safari on iPhone and Firefox on Android.  Everything seems to be fine
with desktop browsers as well as some mobile browsers (works fine on
Chrome on Android). 

According to ssllabs.com the issue is with the Certificate Chain and/or
the Certification Path:

This server's certificate chain is incomplete. Grade capped to B.

Certificates provided 	1 (1331 bytes)
Chain issues 	*Incomplete*


Certification Paths
Path #1: Trusted
*1* 	Sent by server 	www.mydomainname.com 
RSA 2048 bits (e 65537) / SHA256withRSA
*2* 	Extra download 	Go Daddy Secure Certificate Authority - G2 
RSA 2048 bits (e 65537) / SHA256withRSA
*3* 	In trust store 	Go Daddy Root Certificate Authority - G2   Self-signed
RSA 2048 bits (e 65537) / SHA256withRSA


Here are my ssl settings:

server {

    ### other settings ommited

    listen                      localhost.mydomainname:443  ssl;

    ssl_certificate_key        
C:/ssl-certificates/mydomainname.key;     ## may be stored in
certificate file (i.e. .pem)
    ssl_certificate            
C:/ssl-certificates/mydomainname.crt;     ## .crt or .pem

    ssl_trusted_certificate     C:/ssl-certificates/gd_bundle-g2-g1.crt;

    ssl_stapling                on;
    ssl_stapling_verify         on;

    keepalive_timeout           70;                     ## minimize ssl
handshake overhead
    ssl_session_timeout         5m;

    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;  ## removes SSLv3
which is on by default and is vulnerable to POODLE attacks
    ssl_prefer_server_ciphers   on;
}

How can I fix this?

TIA!

-- 

Igal Sapir
Lucee Core Developer
Lucee.org <http://lucee.org/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150406/4f2f6a26/attachment.html>


More information about the nginx mailing list