Android Chrome SSL issues

(Chris Gammell) #1

Have been troubleshooting for a few hours now, thought I’d use the meta site as well.

I have a domain SSL cert from Namecheap (Comodo). I appended the intermediate certs to the main cert and am now using that as the listed ssl.crt in use by nginx. However each android device I have refuses to accept that the SSL is valid.

Any thoughts or other experience with this?

(Jens Maier) #2

If there are several intermediary CA certificates, make sure to append them in the correct order, from most specific (i.e. your own certificate) to least specific (i.e. the top-most intermediary CA certificate).

For instance, if the certificate chain is:

  • Root CA
  • Non-EV intermediary CA
  • Reseller’s sub-CA
  • Reseller’s low-trust intermediary CA
  • Your certificate

then the CA bundle file must contain these certificates excluding the root CA’s certificate in reverse order, starting with yours, then the reseller’s intermediary, reseller’s sub-ca, and so on.