<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I have an issue with my SSL certificate on some mobile devices, e.g.
Safari on iPhone and Firefox on Android. Everything seems to be
fine with desktop browsers as well as some mobile browsers (works
fine on Chrome on Android). <br>
<br>
According to ssllabs.com the issue is with the Certificate Chain
and/or the Certification Path:<br>
<br>
<span style="color: rgb(34, 34, 34); font-family: Arial, Helvetica,
sans-serif; font-size: 12px; font-style: normal; font-variant:
normal; font-weight: bold; letter-spacing: normal; line-height:
21.6000003814697px; orphans: auto; text-align: center;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;
display: inline !important; float: none; background-color:
rgb(255, 207, 121);">This server's certificate chain is
incomplete. Grade capped to B.</span><br>
<br>
<table class="reportTable" style="border-collapse: collapse; width:
670px; margin: 0px 10px 0px 0px; padding: 0px; font-size: 12px;
line-height: 20px; font-family: Arial, Helvetica, sans-serif;
letter-spacing: normal; orphans: auto; text-indent: 0px;
text-transform: none; widows: 1; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(253, 253,
253);">
<tbody>
<tr class="tableRow">
<td class="tableLabel" style="text-align: left; padding: 3px
10px 3px 0px; color: rgb(68, 68, 68); border-bottom-width:
1px; border-bottom-style: solid; border-bottom-color:
rgb(240, 240, 240); vertical-align: middle; font-size: 12px;
font-weight: bold; width: 230px;">Certificates provided</td>
<td class="tableCell" style="text-align: left; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px;">1 (1331 bytes)</td>
</tr>
<tr class="tableRow">
<td class="tableLabel" style="text-align: left; padding: 3px
10px 3px 0px; color: rgb(68, 68, 68); border-bottom-width:
1px; border-bottom-style: solid; border-bottom-color:
rgb(240, 240, 240); vertical-align: middle; font-size: 12px;
font-weight: bold; width: 230px;"><font color="#F88017">Chain
issues</font></td>
<td class="tableCell" style="text-align: left; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px;"><font color="#F88017"><b>Incomplete</b></font></td>
</tr>
</tbody>
</table>
<br>
<table class="reportTable" style="border-collapse: collapse; width:
670px; margin: 0px 10px 0px 0px; padding: 0px; font-size: 12px;
line-height: 20px; font-family: Arial, Helvetica, sans-serif;
letter-spacing: normal; orphans: auto; text-indent: 0px;
text-transform: none; widows: 1; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(253, 253,
253);">
<thead><tr>
<td class="tableHead" colspan="3" style="color: rgb(0, 157,
223); font-weight: bold; padding-bottom: 5px;
vertical-align: middle; border-bottom-width: 2px;
border-bottom-style: solid; border-bottom-color: rgb(198,
210, 212); font-size: 13px;">Certification Paths</td>
</tr>
</thead><tbody>
<tr class="tableSeparator">
<td class="tableSubHead" colspan="3" style="color: rgb(0, 157,
223); font-weight: bold; padding-bottom: 5px;
vertical-align: middle; padding-top: 15px;
border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(198, 210, 212); font-size: 12px;">Path
#1: Trusted</td>
</tr>
<tr class="tableRow">
<td class="tableCell" style="text-align: right; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px; width: 75px;"><b>1</b></td>
<td class="tableCell" style="text-align: center; padding: 3px
10px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 11px; width: 125px;">Sent by server</td>
<td class="tableCell" style="text-align: left; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px;"><a class="moz-txt-link-abbreviated" href="http://www.mydomainname.com">www.mydomainname.com</a><span
class="Apple-converted-space"> </span><br>
RSA 2048 bits (e 65537) / SHA256withRSA</td>
</tr>
<tr class="tableRow">
<td class="tableCell" style="text-align: right; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px; width: 75px;"><b>2</b></td>
<td class="tableCell" style="text-align: center; padding: 3px
10px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 11px; width: 125px;"><font
color="#F88017">Extra download</font></td>
<td class="tableCell" style="text-align: left; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px;">Go Daddy Secure Certificate
Authority - G2<span class="Apple-converted-space"> </span><br>
RSA 2048 bits (e 65537) / SHA256withRSA</td>
</tr>
<tr class="tableRow">
<td class="tableCell" style="text-align: right; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px; width: 75px;"><b>3</b></td>
<td class="tableCell" style="text-align: center; padding: 3px
10px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 11px; width: 125px;"><font color="green">In
trust store</font></td>
<td class="tableCell" style="text-align: left; padding: 3px
0px; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(240, 240, 240); vertical-align:
middle; font-size: 12px;">Go Daddy Root Certificate
Authority - G2 <span class="Apple-converted-space"> </span><font
color="grey">Self-signed</font> <br>
RSA 2048 bits (e 65537) / SHA256withRSA</td>
</tr>
</tbody>
</table>
<br>
Here are my ssl settings:<br>
<br>
<tt>server {</tt><tt><br>
</tt><tt><br>
</tt><tt> ### other settings ommited</tt><tt><br>
</tt><tt><br>
</tt><tt> listen localhost.mydomainname:443
ssl;</tt><tt><br>
</tt><tt><br>
</tt><tt> ssl_certificate_key
C:/ssl-certificates/mydomainname.key; ## may be stored in
certificate file (i.e. .pem)</tt><tt><br>
</tt><tt> ssl_certificate
C:/ssl-certificates/mydomainname.crt; ## .crt or .pem</tt><tt><br>
</tt><tt><br>
</tt><tt> ssl_trusted_certificate
C:/ssl-certificates/gd_bundle-g2-g1.crt;</tt><tt><br>
</tt><tt><br>
</tt><tt> ssl_stapling on;</tt><tt><br>
</tt><tt> ssl_stapling_verify on;</tt><tt><br>
</tt><tt><br>
</tt><tt> keepalive_timeout 70; ##
minimize ssl handshake overhead</tt><tt><br>
</tt><tt> ssl_session_timeout 5m;</tt><tt><br>
</tt><tt><br>
</tt><tt> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ##
removes SSLv3 which is on by default and is vulnerable to POODLE
attacks</tt><tt><br>
</tt><tt> ssl_prefer_server_ciphers on;</tt><tt><br>
</tt><tt>}</tt><br>
<br>
How can I fix this?<br>
<br>
TIA!<br>
<br>
<div class="moz-signature">-- <br>
<p>Igal Sapir
<br>
Lucee Core Developer
<br>
<a href="http://lucee.org/">Lucee.org</a></p>
</div>
</body>
</html>