BTW, this is not a problem exclusive to GAE. The certificate for "code.google.com" also seems to have changed recently and I just got a warning from TortoiseSVN that the new certificate cannot be validated because the certificate chain is incomplete.
Best regards, On Aug 26, 3:42 pm, Carlos Rodrigues <[email protected]> wrote: > Since the problem only happens with browsers that rely on Windows' > certificate infrastructure, the version of Windows matters. > > I've tested with IE 8 on Windows 7 and Windows Server 2008 and the > problem occurs; > I've also tested with IE 7 on Windows XP and Windows Server 2003 and > the problem does not occur; > > I did not test with Windows Vista. > > It seems that older versions of Windows follow the certificate chain > (by downloading it from somewhere), while the more recent versions > only follow it if the webserver itself provides the intermediate CA's > certificate (as I said, I've tested with other sites that use > intermediate CAs and they show no errors - because the intermediate > CA's certificate is being provided by Apache using the option I > mentioned before). > > Best regards, > > On Aug 25, 10:19 pm, Robert Kluin <[email protected]> wrote: > > > I only get a certificate error if I go tohttps://test.xx.appspot.com. I do > > not get errors going tohttps://xx.appspot.com. > > > I tested with IE and Chrome and Windows. > > > Robert > > > On Wed, Aug 25, 2010 at 05:27, Carlos Rodrigues <[email protected]> > > wrote: > > > Hi again, > > > > Any ideas? This is a show-stopper as far as secure applications go... > > > > Best regards, > > > > On Aug 23, 12:39 pm, Carlos Rodrigues <[email protected]> wrote: > > >> Hi all, > > > >> I'm developing a small application on GAE that requires HTTPs, however > > >> I'm having some trouble with the "*.appspot.com" certificate. > > > >> O Chrome, Safari and IE on Windows I get a certificate validation > > >> error. This error appears to be related to the certificate validation > > >> path, because the topmost authority is "Google Internet Authority" and > > >> show as "Not found". > > > >> On Firefox there is no error, and the certificate chain correctly > > >> shows Equifax as the root CA and "Google Internet Authority" as an > > >> intermediate CA. > > > >> On the Mac both Firefox and Safari work without showing any errors. > > > >> Is there a way around this? I can't expect users to trust the > > >> application if they get a certificate error on Windows in every > > >> browser except Firefox. > > > >> So a summary of tested browsers: > > > >> * Internet Explorer 8 (Windows): error > > >> * Safari (Windows): error > > >> * Safari (OS X): OK > > >> * Chrome (Windows): error > > >> * Firefox (Windows): OK > > >> * Firefox (OS X): OK > > > >> It appears that browsers which use the integrated certificate > > >> infrastructure on Windows are affected, and others are not. > > > >> I know that Windows supports intermediate CAs because I've tested it. > > >> But it seems to require that the website itself provides the > > >> intermediate CAs certificate (for example, on Apache this would be the > > >> "SSLCertificateChainFile /path/to/intermediate-ca.crt" option). > > > >> Google App Engine does not appear to do this. > > > >> Best regards, > > >> Carlos Rodrigues > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Google App Engine" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
