I merged the chain and cert together in one file and still get the issue. I did a packet capture from a client with IE8 and it shows that there is a handshake failure. If I open the same page in chrome, it works fine. That would seem to point to the bug listed. I will try 3.3.2.
Thanks, Ben > Also on mobile chrome, I get a > warning that the certificate is not trusted now. We did not have these > issues using ATS 2.0.7. I suspect it has to do with the GoDaddy > certificates using an intermediate CA. I had configured > proxy.config.ssl.server.cert_chain.filename in records.config with the > godaddy certificate chain. I cannot find an equivalent setting in the > ssl_multicert.config. I use ssl_ca_name to point to the certificate chain in ssl_multicert.config. That works for me: dest_ip=109.247.114.204 ssl_cert_name=/etc/pki/tls/certs/star.example.com.crt ssl_key_name=/etc/pki/tls/private/star.example.com.key ssl_ca_name=/etc/pki/tls/certs/star.example.com.ca-bundle But also, you might be hitting the SNI requirement if you're using v3.2.0, so you should try 3.2.3. https://issues.apache.org/jira/browse/TS-1392 -jf
