I believe that's a standard limitation of wildcard SSL certs. See my recent post here: http://groups.google.com/group/google-appengine-java/browse_thread/thread/13f4674c5ef0a83f/2b3a8d16b96d9c0c
On Aug 25, 5:19 pm, Robert Kluin <[email protected]> wrote: > I only get a certificate error if I go tohttps://test.xx.appspot.com. I do > not get errors going tohttps://xx.appspot.com. > > I tested with IE and Chrome and Windows. > > RobertOn Wed, Aug 25, 2010 at 05:27, Carlos Rodrigues > <[email protected]> wrote: > > Hi again, > > > Any ideas? This is a show-stopper as far as secure applications go... > > > Best regards, > > > On Aug 23, 12:39 pm, Carlos Rodrigues <[email protected]> wrote: > >> Hi all, > > >> I'm developing a small application on GAE that requires HTTPs, however > >> I'm having some trouble with the "*.appspot.com" certificate. > > >> O Chrome, Safari and IE on Windows I get a certificate validation > >> error. This error appears to be related to the certificate validation > >> path, because the topmost authority is "Google Internet Authority" and > >> show as "Not found". > > >> On Firefox there is no error, and the certificate chain correctly > >> shows Equifax as the root CA and "Google Internet Authority" as an > >> intermediate CA. > > >> On the Mac both Firefox and Safari work without showing any errors. > > >> Is there a way around this? I can't expect users to trust the > >> application if they get a certificate error on Windows in every > >> browser except Firefox. > > >> So a summary of tested browsers: > > >> * Internet Explorer 8 (Windows): error > >> * Safari (Windows): error > >> * Safari (OS X): OK > >> * Chrome (Windows): error > >> * Firefox (Windows): OK > >> * Firefox (OS X): OK > > >> It appears that browsers which use the integrated certificate > >> infrastructure on Windows are affected, and others are not. > > >> I know that Windows supports intermediate CAs because I've tested it. > >> But it seems to require that the website itself provides the > >> intermediate CAs certificate (for example, on Apache this would be the > >> "SSLCertificateChainFile /path/to/intermediate-ca.crt" option). > > >> Google App Engine does not appear to do this. > > >> Best regards, > >> Carlos Rodrigues > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
