SSL cert issues with mobile devices

Xin Li delphij at delphij.net
Mon Apr 6 19:32:44 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 04/06/15 12:23, Igal @ Lucee.org wrote:
> I have an issue with my SSL certificate on some mobile devices,
> e.g. Safari on iPhone and Firefox on Android.  Everything seems to
> be fine with desktop browsers as well as some mobile browsers
> (works fine on Chrome on Android).
> 
> According to ssllabs.com the issue is with the Certificate Chain
> and/or the Certification Path:
> 
> This server's certificate chain is incomplete. Grade capped to B.
> 
> Certificates provided 	1 (1331 bytes) Chain issues 	*Incomplete*
[...]
> ssl_certificate C:/ssl-certificates/mydomainname.crt;     ## .crt
> or .pem

You need to get a copy of your intermediate certificate authority's
certificate (in your case, that Go Daddy Secure Certificate Authority
- - G2 or probably https://certs.godaddy.com/repository/gdig2.crt, check
https://certs.godaddy.com/repository to make sure) and concatnate it
at the end of your mydomainname.crt.

This way you are presenting a chain of certificate (your certificate,
then intermediate certificate that have signed your certificate; you
don't need to include the root certificate as it's a waste of
bandwidth) to the client.

Cheers,
- -- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.2 (FreeBSD)

iQIcBAEBCgAGBQJVIt9cAAoJEJW2GBstM+nsXBoP/3QrCKtBezAh51tym2BeVyRA
eShkpqu8Sfh+hzXJZYuLd/1l/IIW8H40LU8bdrXcuyZ6RUl/damrlb2z7qx7PXAU
MRBb2YF7ohicdzwzcpMDSnpx+573WeSdDE6s9Ne/EPbotHr8meHv+L83O3qR+D9u
b4kfhasvhRYz1rUgGXj/66h1S1ExTu1Pp9MJJfxZ1e/2l3TNkJLRE4A8flUy2rq4
rXzjiWupoyBWXtNem8t0o3Caag+7W6bvj9k8EqNDA87G575o8p4QuEt/ImoC82Bi
ZHtcM9fGt5m6120DX7eTjfEcaaM9xfqACLrhtuBEQs4u1EPAZ1CwBkF2ONfW+sWZ
qyZtjfVlvkiF4hWi0N2vAW9apsFGT6MA2cv4bBO7EQAjmTmJdZt3oV6VCzOdM8AZ
cBbsm+jlc0LmGc2OWP59G+8loJYmI4dRPDkHB34TphavjrAfilewlEoLh3xNBT9b
pkMU7R1Xa1DOxL5+xPhfJlFEHLQEzFc9T0e1BXtNVNw0WZrpRzRRMjVJKp1ei3Mf
AyCoWUK2fIK7ZFMNCFu94G4S8KGhn092HqtjJKj/0ps9kTW5oPBdxf5WfFJvfEQy
HU08D7MIDdBBMZEZxHGx9zMUvRU6Ip6Iu4puiq/0/mzr4LwKJMfEiFtpL9wlSRpm
D599/YGgDOC/An2bAx89
=ItVn
-----END PGP SIGNATURE-----

More information about the nginx mailing list