[158908] in North American Network Operators' Group
Re: Gmail and SSL
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Dec 14 22:55:10 2012
In-Reply-To: <50CBB029.6050107@alter3d.ca>
Date: Fri, 14 Dec 2012 22:54:54 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Peter Kristolaitis <alter3d@alter3d.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Dec 14, 2012 at 6:03 PM, Peter Kristolaitis <alter3d@alter3d.ca> wrote:
> In my experience, free/cheap certs "not working" on some clients is, in
> 99.9% of cases, a misconfiguration error where the server isn't presenting
> the cert chain properly (usually omitting the intermediate cert), which
> works on some platforms (often because they include the intermediate certs
> to work around these kinds of problems) but not on others. Fixing the cert
> chain that's presented to the client has ALWAYS resolved these types of
> issues in my experience.
and in the case of the original topic... if the gmail servers don't
accept StartSSL certs, please let me know I'll see about a fix.
