Since the problem only happens with browsers that rely on Windows' certificate infrastructure, the version of Windows matters.
I've tested with IE 8 on Windows 7 and Windows Server 2008 and the problem occurs; I've also tested with IE 7 on Windows XP and Windows Server 2003 and the problem does not occur; I did not test with Windows Vista. It seems that older versions of Windows follow the certificate chain (by downloading it from somewhere), while the more recent versions only follow it if the webserver itself provides the intermediate CA's certificate (as I said, I've tested with other sites that use intermediate CAs and they show no errors - because the intermediate CA's certificate is being provided by Apache using the option I mentioned before). Best regards, On Aug 25, 10:19 pm, Robert Kluin <[email protected]> wrote: > I only get a certificate error if I go tohttps://test.xx.appspot.com. I do > not get errors going tohttps://xx.appspot.com. > > I tested with IE and Chrome and Windows. > > Robert > > On Wed, Aug 25, 2010 at 05:27, Carlos Rodrigues <[email protected]> > wrote: > > Hi again, > > > Any ideas? This is a show-stopper as far as secure applications go... > > > Best regards, > > > On Aug 23, 12:39 pm, Carlos Rodrigues <[email protected]> wrote: > >> Hi all, > > >> I'm developing a small application on GAE that requires HTTPs, however > >> I'm having some trouble with the "*.appspot.com" certificate. > > >> O Chrome, Safari and IE on Windows I get a certificate validation > >> error. This error appears to be related to the certificate validation > >> path, because the topmost authority is "Google Internet Authority" and > >> show as "Not found". > > >> On Firefox there is no error, and the certificate chain correctly > >> shows Equifax as the root CA and "Google Internet Authority" as an > >> intermediate CA. > > >> On the Mac both Firefox and Safari work without showing any errors. > > >> Is there a way around this? I can't expect users to trust the > >> application if they get a certificate error on Windows in every > >> browser except Firefox. > > >> So a summary of tested browsers: > > >> * Internet Explorer 8 (Windows): error > >> * Safari (Windows): error > >> * Safari (OS X): OK > >> * Chrome (Windows): error > >> * Firefox (Windows): OK > >> * Firefox (OS X): OK > > >> It appears that browsers which use the integrated certificate > >> infrastructure on Windows are affected, and others are not. > > >> I know that Windows supports intermediate CAs because I've tested it. > >> But it seems to require that the website itself provides the > >> intermediate CAs certificate (for example, on Apache this would be the > >> "SSLCertificateChainFile /path/to/intermediate-ca.crt" option). > > >> Google App Engine does not appear to do this. > > >> Best regards, > >> Carlos Rodrigues > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
