10-03-2012 09:01 AM
Hi,
I'm having an issue with intermediate certificates from GoDaddy when connecting from some browsers of mobile devices:
On a PC there's no problem, only from the above mobile devices. The intermediate certificate isn't downloaded from the ACE 4710, resulting in a "SSL Certificate Not Trusted" error.
Since GoDaddy has no instructions to resolve the issue from a Cisco ACE, I'm hoping someone in the community has dealt with this issue before.
Best regards,
Ricardo Canto
10-03-2012 12:25 PM
Hi Ricardo
Do you have a chaingroup with the intermediate certificate configured in the ssl-proxy service?
---------------------
Cesar R
ANS Team
10-04-2012 03:22 AM
Hi Cesar,
Thank you for your feedback.
Indeed I have the intermediate certificate in the chain group, and that chain in the ssl-proxy service.
From a standard PC and any browser, the complete chain of certificates is downloaded.
Regards,
Ricardo Canto
10-04-2012 03:22 PM
Ricardo,
Could you paste your configuration to review it?
You have indicated you also have the intermediate applied under a chaingroup in your current configuration, correct?
Do you have any ssl parameter to force the ACE only to use some specific certificates, or are you using all (default)?
You said you are testing with mobile devices; do you have the same behavior no matter what type of mobile device (no matter the brand)?
What are you getting from your mobile devices? Page cannot be displayed or what exactly?
Have you tried from different mobile devices from different locations?
Have you tried to do the same tests over clear text, meaning on http? Does it work on http only?
These answers may help
Cheers,
Jorge
10-05-2012 09:14 AM
This link is very good to check all the certificates are properly installed and setup:
http://www.sslshopper.com/ssl-checker.html
You type the URL in it and it checks it for you.
Jorge
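Added example, not part of the thread: a local version of the same check, reading the "Certificate chain" section printed by `openssl s_client -connect host:443 -showcerts` and reporting when the server sent only the leaf, which is what a client sees when the chaingroup's intermediate is not delivered. The sample outputs and certificate names are constructed placeholders.

```python
import re

# Constructed `openssl s_client -showcerts` excerpts (names are placeholders).
LEAF_ONLY = """\
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(omitted)
-----END CERTIFICATE-----
---
Server certificate
"""
WITH_CHAINGROUP = """\
Certificate chain
 0 s:CN = www.example.test
   i:CN = Example Intermediate CA
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
---
"""

# One chain entry: "<index> s:<subject>" followed by an "i:<issuer>" line.
ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s+i:(.*)$", re.MULTILINE)

def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    # The chain section ends at the first line that is exactly "---".
    section = output.split("Certificate chain", 1)[-1].split("\n---\n", 1)[0]
    return [(s.strip(), i.strip()) for _, s, i in ENTRY.findall(section)]

def check_chain(chain):
    """Return a list of problems; an empty list means the sent chain links up."""
    if not chain:
        return ["no certificates found in output"]
    problems = []
    for pos in range(len(chain) - 1):
        if chain[pos][1] != chain[pos + 1][0]:
            problems.append(f"cert {pos} issuer is not the subject of cert {pos + 1}")
    subject, issuer = chain[-1]
    # A lone, non-self-signed leaf means no intermediate was delivered.
    if len(chain) == 1 and subject != issuer:
        problems.append(f"only the leaf was sent; intermediate '{issuer}' is missing")
    return problems

if __name__ == "__main__":
    for name, text in (("leaf only", LEAF_ONLY), ("with chaingroup", WITH_CHAINGROUP)):
        print(name, "->", check_chain(parse_chain(text)) or "chain OK")
```

A desktop browser can pass with the leaf-only output because it may already hold the intermediate or fetch it itself, so this comparison is worth running against what the server actually sends rather than what a PC browser displays.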
10-30-2012 04:15 AM
Hi Jorge,
I'm sorry for not being able to answer your questions earlier. I became a father a few weeks ago and needed to take an absence.
The issue was solved after the certificates were renewed last week and imported to the ACEs; no change has been made to the intermediate certificates.
I'm going to answer your questions so that this issue can be documented for future reference:
You have indicated you also have the intermediate applied under a chaingroup in your current configuration, correct?
Indeed, the intermediate is applied to the chaingroup.
Do you have any ssl parameter to force the ACE only to use some specific certificates, or are you using all (default)?
There is a different ssl-proxy for each service. Each one has its own chaingroup, certs and keys.
You said you are testing with mobile devices; do you have the same behavior no matter what type of mobile device (no matter the brand)?
Only some browsers are affected by this issue:
I've tried with other browsers but had no error:
What are you getting from your mobile devices? Page cannot be displayed or what exactly?
In the affected browsers an error appears indicating "SSL Certificate Not Trusted".
The error is in Portuguese, but is saying "This certificate is not from a trusted authority". As I say above, the certificate is from GoDaddy, and has not been revoked.
Have you tried from different mobile devices from different locations?
See answer 3.
Have you tried to do the same tests over clear text, meaning on http? Does it work on http only?
Non-issue, since the problem refers only to SSL.
The issue was solved, but I wasn't able to determine if the issue was with the certificates or with the ACE.
Thank you,
Ricardo Canto
10-31-2012 11:36 PM
Hi Ricardo,
It sounds great, it works properly now.
It is hard to say whether this was related to the ACE or not, but in most cases it is related to the browsers, which require to have additional which we install when we configure a chaingroup.
Thank you for sharing your feedback; it helps us to help others.
Jorge