Newbie here.

My CA provides 3 .crt format certificates.

And I am allowed to upload only one PEM via the Google Apps SSL tab.

One is sslca.crt, another is addexternalcaroot.crt and one is mywebsite.crt.

I converted mywebsite.crt to PEM and uploaded it, and it works with SNI.

What do I need to do with the other two?

On Mon, Aug 27, 2012 at 6:39 AM, Cayden Meyer <[email protected]> wrote:

> Just updating this thread. We have added support for up to 5
> chained/intermediate certificates. Users of Comodo and other CAs which
> require more than 2 chained/intermediate certificates can now append the CA
> provided bundles/intermediate certificates to their uploaded certificate.
>
> Cheers,
>
> Cayden Meyer
> Product Manager, Google App Engine
>
> On 3 August 2012 18:27, Nacho Coloma <[email protected]> wrote:
>
>> Hi Cayden,
>>
>> Thanks for your reply.
>>
>>> You appear to have the incorrect CNAME for your domain. This is most
>>> probably what is causing android browsers to fail to connect. The correct
>>> CNAME can be found in your Google Apps control panel. The uploading and
>>> configuring certificates section of the SSL for Custom Domains
>>> documentation <https://developers.google.com/appengine/docs/ssl> may
>>> prove helpful if you have any issues.
>>>
>>
>> Yep, I saw the change of ghs name but since neither certificate was
>> working we are just stopping this (with this working configuration) until
>> our new certificate arrives.
>>
>> We just purchased a new one with DigiCert that includes EV validation and
>> uses (supposedly, as far as we could check) a single intermediate authority.
>>
>>
>>> On the topic of intermediate certificates you should be able to download
>>> a single intermediate certificate from Comodo 
>>> here <https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0>.
>>> Usually certificate authorities provide a bundle file which contains the
>>> full chain; all the certificates in the bundle are often not required.
>>>
>>
>> Ours is (was) a Comodo EssentialSSL. It comes with 5 CAs in the bundle,
>> and AFAIK most browsers require the chain up to the root CA.
>>
>> Don't worry about this, the change of certificate should fix it up.
>> Anyway, I would reconsider the limitation of two CAs in the PEM bundle, if
>> that's an option. Anyway, it's just my fault for not fully understanding
>> the limitations before choosing the certificate provider. Thank God for the
>> 15-days refund policy.
>>
>> Thanks for your support.
>>
>>
>>>
>>> On 2 August 2012 04:03, Nacho Coloma <[email protected]> wrote:
>>>
>>>> Hi, I have just configured a certificate for our own custom domain
>>>> (VIP) and it is working fine, but Android browsers are refusing to
>>>> connect.
>>>>
>>>> Investigating, it seems that I should include the full chain of
>>>> intermediate CAs to the uploaded PEM file, but that's not possible since
>>>> AppEngine only allows at most two certificates in the PEM file. Our Comodo
>>>> certificate has a chain composed of five CAs. If I try to upload the full
>>>> PEM file, AppEngine complains that the format is not supported.
>>>>
>>>> The working certificate can be seen at https://koliseo.com. You can
>>>> test it with:
>>>>
>>>> openssl s_client -showcerts -connect www.koliseo.com:443
>>>>
>>>> Desktop browsers are OK with it, but Android (Froyo and Honeycomb) will
>>>> just refuse to connect. Any ideas?
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Google App Engine" group.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msg/google-appengine/-/AvvSXY6BrugJ.
>>>> To post to this group, send email to [email protected].
>>>> To unsubscribe from this group, send email to
>>>> [email protected].
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/google-appengine?hl=en.
>>>>
>>>
>>
>
>
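
Added example, not part of the original thread and not Google's code: the update quoted above says the CA-provided intermediates are appended to the uploaded certificate, up to 5 chained certificates. This Python code reorders a PEM bundle leaf-first by following issuer to subject and leaves out the self-signed root. Assumptions: names are matched byte-for-byte, and the sample certificates are constructed, certificate-shaped DER with no keys or signatures.

```python
import base64, re, ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):  # one DER element at pos -> (tag, value_start, value_end)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, pos, pos + n

def issuer_subject(der):  # raw issuer and subject Name bytes from tbsCertificate
    _, p, end = tlv(der, tlv(der, 0)[1])  # Certificate -> tbsCertificate
    fields = []
    while p < end:
        tag, _, e = tlv(der, p)
        if tag != 0xA0:  # skip the optional [0] version field
            fields.append(der[p:e])
        p = e
    return fields[2], fields[4]  # serial, sigAlg, issuer, validity, subject

def build_upload_pem(bundle, max_chained=5):
    """Reorder a PEM bundle: leaf first, then each issuer; self-signed root omitted."""
    certs = [issuer_subject(d) + (d,) for d in map(base64.b64decode, PEM_RE.findall(bundle))]
    issuers = {i for i, s, _ in certs if i != s}
    (issuer, _, der), = [c for c in certs if c[1] not in issuers]  # exactly one leaf
    by_subject = {s: (i, d) for i, s, d in certs}
    chain = [der]
    for _ in certs:  # bounded walk, so a cross-signing loop cannot run forever
        nxt, der = by_subject.get(issuer, (issuer, None))
        if nxt == issuer:  # self-signed root reached, or issuer not in the bundle
            break
        chain.append(der)
        issuer = nxt
    if len(chain) - 1 > max_chained:
        raise ValueError(f"{len(chain) - 1} chained certificates, limit is {max_chained}")
    return "".join(ssl.DER_cert_to_PEM_cert(d) for d in chain)

def enc(tag, *parts):  # sample-data helper: short-form DER lengths only (< 128 bytes)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(subject, issuer):  # constructed certificate-shaped DER, no key or signature
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))
    tbs = enc(0x30, b"\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00", name(issuer), b"\x30\x00", name(subject))
    return ssl.DER_cert_to_PEM_cert(enc(0x30, tbs, b"\x30\x00\x03\x01\x00"))

SAMPLE = (sample_cert("Example Root", "Example Root")  # constructed, wrong order: root, leaf, intermediate
          + sample_cert("www.example.test", "Example Intermediate")
          + sample_cert("Example Intermediate", "Example Root"))
```

Name matching only orders the certificates and does not verify signatures, so confirm the served chain afterwards with the `openssl s_client -showcerts` command quoted in the thread.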
