Custom domain SSL issue
Rodrigo Ferreira
Can someone help me figure out what is wrong with this SSL certificate installation on GAE?
I get a net::ERR_CERT_AUTHORITY_INVALID error on Chrome and a SEC_ERROR_REVOKED_CERTIFICATE on Firefox.
The certificates were issued by StartSLL.
I have tested the installation with multiple online SSL checking tools, all seem fine. The only one that hints a problem is https://www.htbridge.com/ssl/ where I get "Server sends an unnecessary root certificate.", but I tried removing the root certificate from the chain and the problem persists.
A similar setup of a different domain with the same certificate chain works fine on AWS+Nginx. It makes me think that this is something related to GAE. Maybe the StartSSL root certificate has been revoked on GAE? Does this make sense? I have made many deployments of SSL installations but I am far from an expert.
Nick (Cloud Platform Support)
It appears this is expected behaviour as Startcom root certificates are distrusted by Google and Chrome. See this Google Security Blog post for details.
So, it seems you should get a new root certificate authority. Let me know if you have any further questions!
Cheers,
Nick
Cloud Platform Community Support