it says invalid key when trying with combined crt, it work with single crt.
On Wed, Sep 26, 2012 at 8:17 AM, Ivan Volosyuk <[email protected]> wrote: > You may want to concatenate the files into your certificate.pem for extra > compatibility with various browsers. > > > On Tuesday, September 25, 2012 2:22:33 PM UTC+10, gops wrote: > >> newbie here. >> >> my ca provide 3 .crt format certificates. >> >> and I am allowed to upload only one pem via google apps ssl tab. >> >> one is sslca.crt, another is addexternalcaroot.crt and one is >> mywebsite.crt >> >> I converted mywebsite.crt to pem and uploaded and it works with SNI. >> >> what do I need to do with other too ? >> >> On Mon, Aug 27, 2012 at 6:39 AM, Cayden Meyer <[email protected]> wrote: >> >>> Just updating this thread. We have added support for up to 5 >>> chained/intermediate certificates. Users of Comodo and other CAs which >>> require more than 2 chained/intermediate certificates can now append the CA >>> provided bundles/intermediate **certificates to their uploaded >>> certificate. >>> >>> Cheers, >>> >>> Cayden Meyer >>> Product Manager, Google App Engine >>> >>> On 3 August 2012 18:27, Nacho Coloma <[email protected]> wrote: >>> >>>> Hi Cayden, >>>> >>>> Thanks for your reply. >>>> >>>> You appear to have the incorrect CNAME for your domain. This is most >>>>> probably what is causing android browsers to fail to connect. The correct >>>>> CNAME can be found in your Google Apps control panel. The uploading and >>>>> configuring certificates section of the SSL for Custom Domains >>>>> documentation <https://developers.google.com/appengine/docs/ssl> may >>>>> prove helpful if you have any issues. >>>>> >>>> >>>> Yep, I saw the change of ghs name but since neither certificate was >>>> working we are just stopping this (with this working configuration) until >>>> our new certificate arrives. >>>> >>>> We just purchased a new one with DigiCert that includes EV validation >>>> and uses (supposedly, as far as we could check) a single intermediate >>>> authority. >>>> >>>> >>>>> On the topic of intermediate certificates you should be able to >>>>> download a single intermediate certificate from Comodo >>>>> here<https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0>. >>>>> Usually certificate authorities provide a bundle file which contains the >>>>> full chain, all the certificates in the bundle are often not required. >>>>> >>>> >>>> Ours is (was) a Comodo EssentialSSL. It comes with 5 CAs in the bundle, >>>> and AFAIK most browsers require the chain up to the root CA. >>>> >>>> Don't worry about this, the change of certificate should fix it up. >>>> Anyway, I would reconsider the limitation of two CAs in the PEM bundle, if >>>> that's an option. Anyway, it's just my fault for not fully understanding >>>> the limitations before choosing the certificate provider. Thank God for the >>>> 15-days refund policy. >>>> >>>> Thanks for your support. >>>> >>>> >>>>> >>>>> On 2 August 2012 04:03, Nacho Coloma <[email protected]> wrote: >>>>> >>>>>> Hi, I have just configured a certificate for our own custom domain >>>>>> (VIP) and it is working fine, but Android browsers are rejecting to >>>>>> connect. >>>>>> >>>>>> Investigating, it seems that I should include the full chain of >>>>>> intermediate CAs to the uploaded PEM file, but that's not possible since >>>>>> AppEngine only allows at most two certificates in the PEM file. Our >>>>>> Comodo >>>>>> certificate has a chain composed of five CAs. If I try to upload the full >>>>>> PEM file, AppEngine complains that the format is not supported. >>>>>> >>>>>> The working certificate can be seen at https://koliseo.com. You can >>>>>> test it with: >>>>>> >>>>>> openssl s_client -showcerts -connect www.koliseo.com:443 >>>>>> >>>>>> Desktop browsers are OK with it, but Android (Froyo and Honeycomb) >>>>>> will just refuse to connect. Any ideas? >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Google App Engine" group. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> **msg/google-appengine/-/**AvvSXY6BrugJ<https://groups.google.com/d/msg/google-appengine/-/AvvSXY6BrugJ> >>>>>> . >>>>>> To post to this group, send email to google-a...@googlegroups.**com. >>>>>> To unsubscribe from this group, send email to google-appengi...@** >>>>>> googlegroups.com. >>>>>> >>>>>> For more options, visit this group at http://groups.google.com/** >>>>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>>>> . >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Google App Engine" group. >>>>> To post to this group, send email to google-a...@googlegroups.**com. >>>>> To unsubscribe from this group, send email to google-appengi...@** >>>>> googlegroups.com. >>>>> >>>>> For more options, visit this group at http://groups.google.com/** >>>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>>> . >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Google App Engine" group. >>>> To post to this group, send email to google-a...@googlegroups.**com. >>>> To unsubscribe from this group, send email to google-appengi...@** >>>> googlegroups.com. >>>> >>>> For more options, visit this group at http://groups.google.com/** >>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>> . >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Google App Engine" group. >>> To post to this group, send email to google-a...@googlegroups.**com. >>> To unsubscribe from this group, send email to google-appengi...@** >>> googlegroups.com. >>> >>> For more options, visit this group at http://groups.google.com/** >>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>> . >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-appengine/-/3s5DGFtep_8J. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
