Hi Cayden, Thanks for your reply.
You appear to have the incorrect CNAME for your domain. This is most > probably what is causing android browsers to fail to connect. The correct > CNAME can be found in your Google Apps control panel. The uploading and > configuring certificates section of the SSL for Custom Domains > documentation <https://developers.google.com/appengine/docs/ssl> may > prove helpful if you have any issues. > Yep, I saw the change of ghs name but since neither certificate was working we are just stopping this (with this working configuration) until our new certificate arrives. We just purchased a new one with DigiCert that includes EV validation and uses (supposedly, as far as we could check) a single intermediate authority. > On the topic of intermediate certificates you should be able to download a > single intermediate certificate from Comodo > here<https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0>. > Usually certificate authorities provide a bundle file which contains the > full chain, all the certificates in the bundle are often not required. > Ours is (was) a Comodo EssentialSSL. It comes with 5 CAs in the bundle, and AFAIK most browsers require the chain up to the root CA. Don't worry about this, the change of certificate should fix it up. Anyway, I would reconsider the limitation of two CAs in the PEM bundle, if that's an option. Anyway, it's just my fault for not fully understanding the limitations before choosing the certificate provider. Thank God for the 15-days refund policy. Thanks for your support. > > On 2 August 2012 04:03, Nacho Coloma <[email protected]> wrote: > >> Hi, I have just configured a certificate for our own custom domain (VIP) >> and it is working fine, but Android browsers are rejecting to connect. >> >> Investigating, it seems that I should include the full chain of >> intermediate CAs to the uploaded PEM file, but that's not possible since >> AppEngine only allows at most two certificates in the PEM file. Our Comodo >> certificate has a chain composed of five CAs. If I try to upload the full >> PEM file, AppEngine complains that the format is not supported. >> >> The working certificate can be seen at https://koliseo.com. You can test >> it with: >> >> openssl s_client -showcerts -connect www.koliseo.com:443 >> >> Desktop browsers are OK with it, but Android (Froyo and Honeycomb) will >> just refuse to connect. Any ideas? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/google-appengine/-/AvvSXY6BrugJ. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
