I had bought a SSL certification for my custom domain and set up to my GAE project. It worked fine with most browsers until the new Firefox version comes out. Firefox denied my SSL certification. I had used the SSL Checker, it gave me the feedback.
"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates."
I had tried to google how to set the intermediate certificates, but nothing found. Did anyone encounter the same trouble and know to solve it?
It looks like these directions will help you out. They are for a different CA, but the logic should be the same.
Because Google App Engine does not have a separate option to upload an Intermediate Certificate, you have to include this certificate in the public key file. You can do this by opening the certificate for your website and the Intermediate Certificates from GlobalSign in a plain text editor and simply copy and paste all the content from the Intermediate Certificate at the end of the file of the webserver certificate that was issued by GlobalSign.
The Google AppEngine Docs say that this is the correct thing to do, but they don't go into the same level of detail as the other link.
If the host certificate requires an intermediate or chained certificate (as many Certificate Authorities (CAs) issue), you will need to append the intermediate or chained certificates to the end of the public certificate file.
If you landed here from a google search while trying to setup your GoDaddy cert on AppEngine and having an issue with Android on GoDaddy's intermediate cert chains, I figured out the solution and documented here: http://www.blainegarrett.com/2017/06/26/how-to-get-appengine-godaddy-android-to-actually-work/
Long story short, you must PEM format the individual .crt files from GoDaddy prior to concating the certs as described in the AppEngine Docs. I pulled my hair out trying to get my site working on Android over SSL.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With