Your connection is not private error on Android device
Lukas Tribus
lukas at ltri.eu
Mon Nov 14 22:32:55 UTC 2022
On Mon, 14 Nov 2022 at 22:56, James Read <jamesread5737 at gmail.com> wrote:
>> So the file needs to contain first your certificate and then the
>> intermediate one.
>
>
> OK. Thanks. I rearranged the file and deleted some certificates. Now sslabs is reporting no chain issues for Certificate #1: RSA 2048 bits (SHA256withRSA)

Correct, a TLS session negotiated with SNI us.wottot.com is now
correctly showing the intermediate certificate.

You are not sending the root certificate here, which is also
completely correct at this point.

The previous poster is confused by the openssl output, which actually
shows a correctly configured server (for the particular SNI value
us.wottot.com).

So all browsers and mobile devices should be able to connect to
us.wottot.com now.

> but for Certificate #2: RSA 2048 bits (SHA256withRSA) it is reporting
> Chain issues Incomplete, Extra certs, Contains anchor

This is a fallback for clients not matching us.wottot.com.

You probably have a "default" ssl server in your configuration that is
still pointing to a path that you did not clean up. You should only
define this certificate once in your nginx configurations, not
multiple times in different server blocks.

Lukas
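
An offline check for the bundle order discussed in this message (leaf first, then the intermediate, no root), added here as an example and not part of the original thread. It assumes bash and the `openssl` command line tool; the function names and the demo certificate names are made up for illustration.

```bash
#!/usr/bin/env bash
# check_bundle FILE: exit 0 if FILE is ordered leaf first, each following
# certificate is the issuer of the one before it, and no self-signed root.
check_bundle() {
  local bundle=$1 tmp n i subj iss prev_iss="" rc=0
  tmp=$(mktemp -d) || return 2
  # Split the PEM bundle into one file per certificate: 1.pem, 2.pem, ...
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                   n {print > (d "/" n ".pem")}' "$bundle"
  n=$(find "$tmp" -name '*.pem' | wc -l)
  if [ "$n" -eq 0 ]; then echo "$bundle: no certificates"; rm -rf "$tmp"; return 2; fi
  i=1
  while [ "$i" -le "$n" ]; do
    subj=$(openssl x509 -in "$tmp/$i.pem" -noout -subject_hash)
    iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
    if [ "$subj" = "$iss" ]; then
      echo "$bundle: cert $i is self-signed (contains anchor)"; rc=1
    fi
    if [ -n "$prev_iss" ] && [ "$subj" != "$prev_iss" ]; then
      echo "$bundle: cert $i did not issue cert $((i-1)) (wrong order or extra cert)"; rc=1
    fi
    prev_iss=$iss
    i=$((i+1))
  done
  rm -rf "$tmp"
  return "$rc"
}

issue() {  # issue DIR NAME CN CA: new key and CSR for CN, signed by CA's key
  openssl req -newkey rsa:2048 -nodes -batch -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial 1 -days 1 -out "$1/$2.pem" 2>/dev/null
}

# Constructed sample input: a throwaway root -> intermediate -> leaf chain
# (all names made up), written to DIR together with three bundles to compare.
make_demo_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -batch -days 1 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  issue "$d" int "Demo Intermediate" root || return 1
  issue "$d" leaf "leaf.example.test" int || return 1
  cat "$d/leaf.pem" "$d/int.pem"               > "$d/good.pem"         # leaf, then intermediate
  cat "$d/int.pem"  "$d/leaf.pem"              > "$d/wrong_order.pem"  # intermediate first
  cat "$d/leaf.pem" "$d/int.pem" "$d/root.pem" > "$d/with_root.pem"    # root included
}
```

Run `check_bundle` against every file named by an `ssl_certificate` directive, including the one in the default server block, since that is the chain served to clients that do not match the SNI name.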