I have an issue with my SSL certificate on some mobile devices, e.g.
Safari on iPhone and Firefox on Android. Everything seems to be fine
with desktop browsers as well as some mobile browsers (works fine on
Chrome on Android).
According to ssllabs.com the issue is with the Certificate Chain and/or
the Certification Path:
This server's certificate chain is incomplete. Grade capped to B.
Certificates provided 1 (1331 bytes)
Chain issues *Incomplete*
Certification Paths
Path #1: Trusted
*1* Sent by server www.mydomainname.com
RSA 2048 bits (e 65537) / SHA256withRSA
*2* Extra download Go Daddy Secure Certificate Authority - G2
RSA 2048 bits (e 65537) / SHA256withRSA
*3* In trust store Go Daddy Root Certificate Authority - G2 Self-signed
RSA 2048 bits (e 65537) / SHA256withRSA
Here are my ssl settings:
server {
### other settings ommited
listen localhost.mydomainname:443 ssl;
ssl_certificate_key
C:/ssl-certificates/mydomainname.key; ## may be stored in
certificate file (i.e. .pem)
ssl_certificate
C:/ssl-certificates/mydomainname.crt; ## .crt or .pem
ssl_trusted_certificate C:/ssl-certificates/gd_bundle-g2-g1.crt;
ssl_stapling on;
ssl_stapling_verify on;
keepalive_timeout 70; ## minimize ssl
handshake overhead
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ## removes SSLv3
which is on by default and is vulnerable to POODLE attacks
ssl_prefer_server_ciphers on;
}
How can I fix this?
TIA!
--
Igal Sapir
Lucee Core Developer
Lucee.org <http://lucee.org/>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
