Your connection is not private error on Android device

Lukas Tribus lukas at ltri.eu
Mon Nov 14 17:57:09 UTC 2022


On Mon, 14 Nov 2022 at 17:31, James Read <jamesread5737 at gmail.com> wrote:
>
> I have configured SSL on a number of subdomains including https://us.wottot.com
>
> On my PC I can view the resulting web page without any problems so this leads me to believe the SSL configuration is correct.

Wrong, the intermediate certificate "Starfield Secure Certificate
Authority - G2" is missing, instead you are sending 2 unnecessary root
certificates "Starfield Root Certificate Authority - G2" and
"Starfield Technologies, Inc. / Starfield Class 2 Certification
Authority".
Remove the 2 root certificates and add the intermediate certificate.

It can work in some cases, based on whatever intermediate certificates
your browser currently has in the cache. That doesn't make it a
correct configuration.

Use tools like the ssllabs ssltest or testssl.sh to check for chain issues:

https://www.ssllabs.com/ssltest/analyze.html?d=us.wottot.com



-lukas



More information about the nginx mailing list