

It's 2am. Do you know if your SSL certs are throwing warnings? - erikpukinskis

I am testing my site on BrowserShots (no affiliation) and my success rate is not high:<p><pre><code>  http://browsershots.org/https://secure.sproutrobot.com/
</code></pre>
I don't have any warnings on most of the bleeding edge browsers, but some notable browsers (Firefox 4 on Windows XP, Firefox 3.6 on Ubuntu, bleeding edge Konqueror) throw up nasty warnings. I mean, Firefox 4 on Windows is a pretty huge slice of the market.<p>How are other folks doing on this score? Have you actually tested your site widely? I've tried GoDaddy SSL and the results were even worse. I'm currently using a cert from NameCheap, but I'm considering shelling out the $400/year to get a Versign certificate just to make this headache go away.<p>I'm getting tired of trying certs and finding out they suck. I've heard GeoTrust is as good as Verisign (at $150/year) but I've heard people say that about GoDaddy too. It's hard to know who to trust. Pun intended.<p>In addition, I have no fricking clue how to debug what's <i>actually</i> causing these warnings, because a) I don't actually have access to test machines to see what's going on. And b) I don't know the first thing about how SSL chaining actually works. I could spend a week learning about SSL and HTTP requests, debugging and checking various browsers, but if I'm going to spend that time I might as well just buy a fricking VeriSign cert and spend that time coding.<p>There have been previous threads about this, but it seems like a lot of people's testing only went as far as "works for me!" I'd welcome experience from people who have actually dug deep into the situation with root certificates in various browsers.<p>And I haven't even started looking at mobile browsers yet.....
======
kuahyeow
You seem to be having chain issues. Consult back with your SSL provider for
documentation on how to install any intermediate certificates.

I use the following to help diagnose SSL problems:

[https://www.ssllabs.com/ssldb/analyze.html?d=secure.sproutro...](https://www.ssllabs.com/ssldb/analyze.html?d=secure.sproutrobot.com%2F)

[http://www.sslshopper.com/ssl-
checker.html#hostname=secure.s...](http://www.sslshopper.com/ssl-
checker.html#hostname=secure.sproutrobot.com)

~~~
erikpukinskis
Yeah, I do seem to be having chain issues. But what exactly those issues are,
or how to debug them is not clear to me. I cat'd my chained certificates into
my .pem file before I sent it to Heroku. So I'm not skipping that step,
although I must be doing it wrong.

This is a good example of something that would probably be easier to debug if
I was running my own server. Then I could just open up the nginx.conf and make
sure things are set right.

~~~
erikpukinskis
Ah, I think I figured it out. I was cat'ing the chained certificates in before
stripping the password from the .pem. Needed to do it at the end, just before
sending it to Heroku. Frickin' A.

------
gmyachtsman
If you have a link from a https page to a http page, including say to twitter,
you will get a warning. Once you are on your https page, if you go back to
your other pages, they will also show up using https, so it gets that much
harder.

------
erikpukinskis
Clickable: <http://browsershots.org/https://secure.sproutrobot.com/>

