cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2016
Views
0
Helpful
6
Replies
ricardo.canto
Beginner

ACE Chain Certificates in mobile devices

Hi,

I'm having an issue with intermediate certificates from GoDaddy when connecting from some browsers of mobile devices:

  • Browser in Android 2.3.3;
  • Safari in iOS 4.2.1;
  • Chrome 18 in Android 4.0.

In a PC there's no problem, only from the above mobile devices. The intermediate certificate isn't downloaded from the ACE 4710 resulting in a "SSL Certificate Not Trusted" error.

Since GoDaddy has no instructions to resolve the issue from a Cisco ACE, i'm hoping someone in the community has dealed with this issue before.

Best regards,

Ricardo Canto

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Ricardo,

It sounds great, it works properly now.

It is hard to say this was related to the ACE or not but on most of the cases is related to the browsers which require to have additional which we install when we configure a chaingroup.

Thank you for your sharing your feedback and helps us to help others.

Jorge

View solution in original post

6 REPLIES 6
Cesar Roque
Enthusiast

Hi Ricardo

Do you have a chaingroup with the intermediate certificate configured in the ssl-proxy service?

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

Hi Cesar,

Thank you for your feedback.

Indeed I have the intermediate certificate in the chain group, and that chain in the ssl-proxy service.

From a standard PC and any browser, the complete chain of certificates is downloaded.

Regards,

Ricardo Canto

Jorge Bejarano
Enthusiast

Ricardo,

Could you paste your configuration to review it?

You have indicated you have you have also the intermediate applied under a chaingroup in your current configuration, correct?

Do you have any ssl parameter to force the ACE only to use some specific certificates or you are using all(default)?

You said you are testing with mobile devices, do you have the same behavior no matter what type of mobile device(no matter that brand)?

What are you getting from your mobile devices? Page cannot be displayed or what exactly?

Have you tried from different mobile devices from differente locations?

Have you tried to do the same tests over clear text, meaning on http? Does it work on http only?

These answers may help

Cheers,

Jorge

Jorge Bejarano
Enthusiast

This link is very good to check all the certificates are properly installed and setup:

http://www.sslshopper.com/ssl-checker.html

You type the url in it and check it for you

Jorge

Hi Jorge,

I'm sorry not being able to answer you questions earlier. I became a father at a few weeks and needed to take an absence.

The issue was solved after the certificates were renewed last week and imported to the ACEs, no change has been made to the intermediate certificates.

I'm going to answer your questions so that this issue can be document for future reference:

  • You have indicated you have you have also the intermediate applied under a chaingroup in your current configuration, correct?

    Indeed, the intermediate is applies to the chaingroup.

  • Do you have any ssl parameter to force the ACE only to use some specific certificates or you are using all(default)?

    There is a different ssl-proxy for each service. Each one has it's own chaingroup, certs and keys.

  • You said you are testing with mobile devices, do you have the same behavior no matter what type of mobile device(no matter that brand)?

    Only some browsers are affected by this issue:

    • Browser in Android 2.3.3;
    • Safari in OS 4.2.1;
    • Chrome 18 in Android 4.0.

    I've tried with other browsers but had no error:

    • Google Chrome 22 in Windows 7;
    • Windows Internet Explorer 9 in Windows 7;
    • Opera Mini 7.5 in Android 2.3.3;

  • What are you getting from your mobile devices? Page cannot be displayed or what exactly?

    In the browsers affected appears an error indicating "SSL Certificate Not Trusted"

    The error is in Portuguese, but is saying "This certificate is not from a trusted authority". As I say above the certificate is from GoDaddy, and has not been revoked.

  • Have you tried from different mobile devices from differente locations?

    See answer 3.

  • Have you tried to do the same tests over clear text, meaning on http? Does it work on http only?

    Non issue, since the problem refers only to SSL

The issue was solved but wasn't able to determine if the issue was with the certificates or with the ACE.

Thank you,

Ricardo Canto

Hi Ricardo,

It sounds great, it works properly now.

It is hard to say this was related to the ACE or not but on most of the cases is related to the browsers which require to have additional which we install when we configure a chaingroup.

Thank you for your sharing your feedback and helps us to help others.

Jorge

View solution in original post