Hi guys, Thanks for the input, really appreciated!
To answer some of your queries; On 4 January 2013 14:26, Joe Gooch <[email protected]> wrote: > What does the SSL Labs test say? > https://www.ssllabs.com/ssltest/ The results page is quite long, I had been testing against that site already and I can't find anything wrong. These are screenshots of the output page; http://i50.tinypic.com/31485rs.png http://i49.tinypic.com/1zeks38.png http://i50.tinypic.com/23i6zxv.png http://i46.tinypic.com/292wo5u.png Nothing seems really that bad apart from the 2nd screenshot "Incomplete, Extra certs". As I said though, my SSL sites behind Pound are working for desktop machines. The cert is from Comodo and they also have a testing page, it gives the following output: http://i48.tinypic.com/e8obhk.png So nothing very helpful there. On 4 January 2013 14:27, Dave Steinberg <[email protected]> wrote: > This is a red herring. The machine you're running openssl s_client from > doesn't have the particular root cert in the trusted list. Well that is from my desktop machine, and it works OK in my browser(s). On 4 January 2013 14:27, Dave Steinberg <[email protected]> wrote: > I've seen this as well when working with certain mobile clients (android in > particular). It's not a pound issue but a client issue in validating the > certificates. Are you using wildcard certificates by chance? If so try > using a vanilla cert and see if that fixes the issue - it did for me. Sorry should have been more clear; No, no wilcard certs. A couple of sites each with individual standard SSL certs. I would be happy if it was a client issue :) However it seems semi-widespread to me. Mobile devices have problems, openssl has issues, both those SSL testers are throwing up an issues? I have simply compiled a .pem on my desktop and copied it over to the load balancer and pointed to it in the Pound config. Should I have installed a CA cert onto the load balancer also separably? Many thanks for the time and help everyone, it is greatly appreciated. Kind regards, James. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
