Your connection is not private error on Android device

James Read jamesread5737 at gmail.com
Mon Nov 14 22:49:18 UTC 2022


On Mon, Nov 14, 2022 at 10:34 PM Lukas Tribus <lukas at ltri.eu> wrote:

> On Mon, 14 Nov 2022 at 22:56, James Read <jamesread5737 at gmail.com> wrote:
> >> So the file needs to contain first your certificate and then the
> >> intermediate one.
> >
> >
> > OK. Thanks. I rearranged the file and deleted some certificates. Now
> > sslabs is reporting no chain issues for Certificate #1: RSA 2048 bits
> > (SHA256withRSA)
>
> Correct, a TLS session negotiated with SNI us.wottot.com is now
> correctly showing the intermediate certificate.
> You are not sending the root certificate here, which is also
> completely correct at this point.
>
> The previous poster is confused by the openssl output, which actually
> shows a correctly configured server (for the particular SNI value
> us.wottot.com).
>
> So all browsers and mobile devices should be able to connect to
> us.wottot.com now.
>
>
> > but for Certificate #2: RSA 2048 bits (SHA256withRSA) it is reporting
> > Chain issues Incomplete, Extra certs, Contains anchor
>
> This is a fallback for clients not matching us.wottot.com.
>
> You probably have a "default" ssl server in your configuration that is
> still pointing to a path that you did not clean up. You should only
> define this certificate once in your nginx configurations, not
> multiple times in different server blocks.
>
>
>
OK. Problem solved. Thanks for your patience and your explanations.

James Read


>
> Lukas
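The layout described in the quoted reply, as an added example that is not part of the original thread and not James's actual configuration: the chain file is ordered server certificate first, then intermediate, and the certificate is defined once at `http` level so the default server cannot point at a stale bundle. All file paths and the catch-all server block are assumptions.

```nginx
# Constructed example; paths and the catch-all layout are assumptions.
#
# /etc/nginx/tls/us.wottot.com.fullchain.pem contains, in this order:
#   1. the server (leaf) certificate for us.wottot.com
#   2. the intermediate CA certificate
# The root CA certificate is left out; clients already hold it as a
# trust anchor, and sending it is what a scanner flags as "Contains anchor".

events {}

http {
    # Defined once here; every server block below inherits it.
    ssl_certificate     /etc/nginx/tls/us.wottot.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/us.wottot.com.key;

    # Default server: answers TLS clients whose SNI matches no server_name.
    # The misconfiguration discussed in the thread corresponds to a block
    # like this one carrying its own directive for an old bundle, e.g.
    #     ssl_certificate /etc/nginx/tls/old-bundle.pem;   # stale path
    # which a scanner then reports as a second certificate with chain issues.
    server {
        listen 443 ssl default_server;
        server_name _;
        return 444;   # choice made for this example: close without a response
    }

    server {
        listen 443 ssl;
        server_name us.wottot.com;
        root /var/www/us.wottot.com;
    }
}
```

After a reload, `nginx -T | grep ssl_certificate` should show the certificate path defined in one place only.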