Thanks. Did it. Worked Great. On Wed, Sep 26, 2012 at 2:12 PM, Timofey Koolin <[email protected]> wrote:
> You must convert all in PEM, than open each of they in text editor and > copy all content into one file. > > it says invalid key when trying with combined crt, it work with single crt. > > On Wed, Sep 26, 2012 at 8:17 AM, Ivan Volosyuk <[email protected]> wrote: > >> You may want to concatenate the files into your certificate.pem for extra >> compatibility with various browsers. >> >> >> On Tuesday, September 25, 2012 2:22:33 PM UTC+10, gops wrote: >> >>> newbie here. >>> >>> my ca provide 3 .crt format certificates. >>> >>> and I am allowed to upload only one pem via google apps ssl tab. >>> >>> one is sslca.crt, another is addexternalcaroot.crt and one is >>> mywebsite.crt >>> >>> I converted mywebsite.crt to pem and uploaded and it works with SNI. >>> >>> what do I need to do with other too ? >>> >>> On Mon, Aug 27, 2012 at 6:39 AM, Cayden Meyer <[email protected]> wrote: >>> >>>> Just updating this thread. We have added support for up to 5 >>>> chained/intermediate certificates. Users of Comodo and other CAs which >>>> require more than 2 chained/intermediate certificates can now append the CA >>>> provided bundles/intermediate **certificates to their uploaded >>>> certificate. >>>> >>>> Cheers, >>>> >>>> Cayden Meyer >>>> Product Manager, Google App Engine >>>> >>>> On 3 August 2012 18:27, Nacho Coloma <[email protected]> wrote: >>>> >>>>> Hi Cayden, >>>>> >>>>> Thanks for your reply. >>>>> >>>>> You appear to have the incorrect CNAME for your domain. This is most >>>>>> probably what is causing android browsers to fail to connect. The correct >>>>>> CNAME can be found in your Google Apps control panel. The uploading and >>>>>> configuring certificates section of the SSL for Custom Domains >>>>>> documentation <https://developers.google.com/appengine/docs/ssl> may >>>>>> prove helpful if you have any issues. >>>>>> >>>>> >>>>> Yep, I saw the change of ghs name but since neither certificate was >>>>> working we are just stopping this (with this working configuration) until >>>>> our new certificate arrives. >>>>> >>>>> We just purchased a new one with DigiCert that includes EV validation >>>>> and uses (supposedly, as far as we could check) a single intermediate >>>>> authority. >>>>> >>>>> >>>>>> On the topic of intermediate certificates you should be able to >>>>>> download a single intermediate certificate from Comodo >>>>>> here<https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0>. >>>>>> Usually certificate authorities provide a bundle file which contains the >>>>>> full chain, all the certificates in the bundle are often not required. >>>>>> >>>>> >>>>> Ours is (was) a Comodo EssentialSSL. It comes with 5 CAs in the >>>>> bundle, and AFAIK most browsers require the chain up to the root CA. >>>>> >>>>> Don't worry about this, the change of certificate should fix it up. >>>>> Anyway, I would reconsider the limitation of two CAs in the PEM bundle, if >>>>> that's an option. Anyway, it's just my fault for not fully understanding >>>>> the limitations before choosing the certificate provider. Thank God for >>>>> the >>>>> 15-days refund policy. >>>>> >>>>> Thanks for your support. >>>>> >>>>> >>>>>> >>>>>> On 2 August 2012 04:03, Nacho Coloma <[email protected]> wrote: >>>>>> >>>>>>> Hi, I have just configured a certificate for our own custom domain >>>>>>> (VIP) and it is working fine, but Android browsers are rejecting to >>>>>>> connect. >>>>>>> >>>>>>> Investigating, it seems that I should include the full chain of >>>>>>> intermediate CAs to the uploaded PEM file, but that's not possible since >>>>>>> AppEngine only allows at most two certificates in the PEM file. Our >>>>>>> Comodo >>>>>>> certificate has a chain composed of five CAs. If I try to upload the >>>>>>> full >>>>>>> PEM file, AppEngine complains that the format is not supported. >>>>>>> >>>>>>> The working certificate can be seen at https://koliseo.com. You can >>>>>>> test it with: >>>>>>> >>>>>>> openssl s_client -showcerts -connect www.koliseo.com:443 >>>>>>> >>>>>>> Desktop browsers are OK with it, but Android (Froyo and Honeycomb) >>>>>>> will just refuse to connect. Any ideas? >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Google App Engine" group. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/**msg/google-appengine/-/**AvvSXY6BrugJ<https://groups.google.com/d/msg/google-appengine/-/AvvSXY6BrugJ> >>>>>>> . >>>>>>> To post to this group, send email to google-a...@googlegroups.**com. >>>>>>> To unsubscribe from this group, send email to google-appengi...@** >>>>>>> googlegroups.com. >>>>>>> >>>>>>> For more options, visit this group at http://groups.google.com/** >>>>>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>>>>> . >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Google App Engine" group. >>>>>> To post to this group, send email to google-a...@googlegroups.**com. >>>>>> To unsubscribe from this group, send email to google-appengi...@** >>>>>> googlegroups.com. >>>>>> >>>>>> For more options, visit this group at http://groups.google.com/** >>>>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>>>> . >>>>>> >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Google App Engine" group. >>>>> To post to this group, send email to google-a...@googlegroups.**com. >>>>> To unsubscribe from this group, send email to google-appengi...@** >>>>> googlegroups.com. >>>>> >>>>> For more options, visit this group at http://groups.google.com/** >>>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Google App Engine" group. >>>> To post to this group, send email to google-a...@googlegroups.**com. >>>> To unsubscribe from this group, send email to google-appengi...@** >>>> googlegroups.com. >>>> >>>> For more options, visit this group at http://groups.google.com/** >>>> group/google-appengine?hl=en<http://groups.google.com/group/google-appengine?hl=en> >>>> . >>>> >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/google-appengine/-/3s5DGFtep_8J. >> >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/google-appengine?hl=en. >> > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
