Thank you Xin!
I appended gdig2.crt to my domain's certificate, and commented out the
ssl_trusted_certificate and the ssl_stapling directives, and it did the
trick.
Many thanks,
Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/
On 4/6/2015 12:32 PM, Xin Li wrote:
> On 04/06/15 12:23, Igal @ Lucee.org wrote:
> > I have an issue with my SSL certificate on some mobile devices,
> > e.g. Safari on iPhone and Firefox on Android. Everything seems to
> > be fine with desktop browsers as well as some mobile browsers
> > (works fine on Chrome on Android).
>
> > According to ssllabs.com the issue is with the Certificate Chain
> > and/or the Certification Path:
>
> > This server's certificate chain is incomplete. Grade capped to B.
>
> > Certificates provided 1 (1331 bytes) Chain issues *Incomplete*
> [...]
> > ssl_certificate C:/ssl-certificates/mydomainname.crt; ## .crt
> > or .pem
>
> You need to get a copy of your intermediate certificate authority's
> certificate (in your case, that Go Daddy Secure Certificate Authority
> - G2 or probably https://certs.godaddy.com/repository/gdig2.crt, check
> https://certs.godaddy.com/repository to make sure) and concatnate it
> at the end of your mydomainname.crt.
>
> This way you are presenting a chain of certificate (your certificate,
> then intermediate certificate that have signed your certificate; you
> don't need to include the root certificate as it's a waste of
> bandwidth) to the client.
>
> Cheers,
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx