29 Mar
2015
29 Mar
'15
11:56 p.m.
SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2-g1.crt
I have actually fixed it.
Yeah, that's always it. Back in the good aulde days all of the SSL certs one might buy were signed directly by the CA, but now more often than not there are intermediate certs, and a valid cert needs to be accompanied by all of the intermediate certs between it and the CA. What makes debugging hard is that browsers try to be helpful. If a server doesn't provide the intermediate certs, but the browser happens to have them in its cache from some other site, well, close enough and the SSL works. But if some other browser doesn't happen to have them, you lose. So if your SSL is flaky, check those intermediate certs first. R's, John