Thank you Xin! I appended gdig2.crt to my domain's certificate, and commented out the ssl_trusted_certificate and the ssl_stapling directives, and it did the trick.
Many thanks, Igal Sapir Lucee Core Developer Lucee.org <http://lucee.org/> On 4/6/2015 12:32 PM, Xin Li wrote: > On 04/06/15 12:23, Igal @ Lucee.org wrote: > > I have an issue with my SSL certificate on some mobile devices, > > e.g. Safari on iPhone and Firefox on Android. Everything seems to > > be fine with desktop browsers as well as some mobile browsers > > (works fine on Chrome on Android). > > > According to ssllabs.com the issue is with the Certificate Chain > > and/or the Certification Path: > > > This server's certificate chain is incomplete. Grade capped to B. > > > Certificates provided 1 (1331 bytes) Chain issues *Incomplete* > [...] > > ssl_certificate C:/ssl-certificates/mydomainname.crt; ## .crt > > or .pem > > You need to get a copy of your intermediate certificate authority's > certificate (in your case, that Go Daddy Secure Certificate Authority > - G2 or probably https://certs.godaddy.com/repository/gdig2.crt, check > https://certs.godaddy.com/repository to make sure) and concatnate it > at the end of your mydomainname.crt. > > This way you are presenting a chain of certificate (your certificate, > then intermediate certificate that have signed your certificate; you > don't need to include the root certificate as it's a waste of > bandwidth) to the client. > > Cheers, > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
