The Equifax certificate is there, but the problem is with the
intermediate CA's certificate (Google's), which isn't found.

If it works for you on Windows 7, maybe you have Google's CA
certificate installed. This would certainly make the error go away,
but we can't ask users to do this (because most won't).

@James: This is not a limitation of wildcard certificates because it
works on Firefox but also with all browsers I've tested on Windows XP
and OS X (including Safari, which shows the error on Windows 7).

Best regards,

On Aug 27, 2:36 am, Matthew Blain <matthew.bl...@google.com> wrote:
> This works for me on Windows 7. It's possible that the root
> certificates on your Windows machine are somehow missing the Equifax
> Secure Certificate Authority root certificate (also sometimes listed
> as GeoTrust)? Have you edited your list? I see a suggestion online to
> also check Windows Updates to see if there's a certificate update,
> though I believe this is not a recent CA.
>
> --Matthew
>
> On Aug 26, 10:45 am, Robert Kluin <robert.kl...@gmail.com> wrote:
>
> > Interesting. You are right, I probably checked using an XP VM, not a Win 7 VM.
>
> > On Thu, Aug 26, 2010 at 10:44, Carlos Rodrigues <cefrodrig...@gmail.com> 
> > wrote:
> > > BTW, this is not a problem exclusive to GAE. The certificate for
> > > "code.google.com" also seems to have changed recently and I just got a
> > > warning from TortoiseSVN that the new certificate cannot be validated
> > > because the certificate chain is incomplete.
>
> > > Best regards,
>
> > > On Aug 26, 3:42 pm, Carlos Rodrigues <cefrodrig...@gmail.com> wrote:
> > >> Since the problem only happens with browsers that rely on Windows'
> > >> certificate infrastructure, the version of Windows matters.
>
> > >> I've tested with IE 8 on Windows 7 and Windows Server 2008 and the
> > >> problem occurs;
> > >> I've also tested with IE 7 on Windows XP and Windows Server 2003 and
> > >> the problem does not occur;
>
> > >> I did not test with Windows Vista.
>
> > >> It seems that older versions of Windows follow the certificate chain
> > >> (by downloading it from somewhere), while the more recent versions
> > >> only follow it if the webserver itself provides the intermediate CA's
> > >> certificate (as I said, I've tested with other sites that use
> > >> intermediate CAs and they show no errors - because the intermediate
> > >> CA's certificate is being provided by Apache using the option I
> > >> mentioned before).
>
> > >> Best regards,
>
> > >> On Aug 25, 10:19 pm, Robert Kluin <robert.kl...@gmail.com> wrote:
>
> > >> > I only get a certificate error if I go to https://test.xx.appspot.com.
> > >> > I do not get errors going to https://xx.appspot.com.
>
> > >> > I tested with IE and Chrome and Windows.
>
> > >> > Robert
>
> > >> > On Wed, Aug 25, 2010 at 05:27, Carlos Rodrigues 
> > >> > <cefrodrig...@gmail.com> wrote:
> > >> > > Hi again,
>
> > >> > > Any ideas? This is a show-stopper as far as secure applications go...
>
> > >> > > Best regards,
>
> > >> > > On Aug 23, 12:39 pm, Carlos Rodrigues <cefrodrig...@gmail.com> wrote:
> > >> > >> Hi all,
>
> > >> > >> I'm developing a small application on GAE that requires HTTPS, however
> > >> > >> I'm having some trouble with the "*.appspot.com" certificate.
>
> > >> > >> On Chrome, Safari and IE on Windows I get a certificate validation
> > >> > >> error. This error appears to be related to the certificate validation
> > >> > >> path, because the topmost authority is "Google Internet Authority" and
> > >> > >> shows as "Not found".
>
> > >> > >> On Firefox there is no error, and the certificate chain correctly
> > >> > >> shows Equifax as the root CA and "Google Internet Authority" as an
> > >> > >> intermediate CA.
>
> > >> > >> On the Mac both Firefox and Safari work without showing any errors.
>
> > >> > >> Is there a way around this? I can't expect users to trust the
> > >> > >> application if they get a certificate error on Windows in every
> > >> > >> browser except Firefox.
>
> > >> > >> So a summary of tested browsers:
>
> > >> > >>   * Internet Explorer 8 (Windows): error
> > >> > >>   * Safari (Windows): error
> > >> > >>   * Safari (OS X): OK
> > >> > >>   * Chrome (Windows): error
> > >> > >>   * Firefox (Windows): OK
> > >> > >>   * Firefox (OS X): OK
>
> > >> > >> It appears that browsers which use the integrated certificate
> > >> > >> infrastructure on Windows are affected, and others are not.
>
> > >> > >> I know that Windows supports intermediate CAs because I've tested it.
> > >> > >> But it seems to require that the website itself provides the
> > >> > >> intermediate CA's certificate (for example, on Apache this would be the
> > >> > >> "SSLCertificateChainFile /path/to/intermediate-ca.crt" option).
>
> > >> > >> Google App Engine does not appear to do this.
>
> > >> > >> Best regards,
> > >> > >>    Carlos Rodrigues
>
> > >> > > --
> > >> > > You received this message because you are subscribed to the Google
> > >> > > Groups "Google App Engine" group.
> > >> > > To post to this group, send email to
> > >> > > google-appeng...@googlegroups.com.
> > >> > > To unsubscribe from this group, send email to
> > >> > > google-appengine+unsubscr...@googlegroups.com.
> > >> > > For more options, visit this group at
> > >> > > http://groups.google.com/group/google-appengine?hl=en.
>
>
>
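
The behaviour discussed in this thread, reproduced offline as an added example (not part of the original messages): a client that trusts only the root rejects the leaf when the server sends it alone, and accepts it once the intermediate is supplied alongside, which is what Apache's SSLCertificateChainFile makes the server do. The demo CA names, *.example.test and the helpers build_demo_pki and chain_status are assumptions made for this example; it needs the openssl command-line tool.

```sh
#!/bin/sh
# Constructed demo PKI (all names made up): root CA -> intermediate CA -> wildcard leaf.
set -eu

build_demo_pki() {  # $1 = output directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  # Root: stands in for the CA the client already has in its trust store.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Intermediate: signed by the root, but not in the client's trust store.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  # Leaf: the wildcard server certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# chain_status ROOT LEAF [SENT_INTERMEDIATES]
# Prints "complete" if a path from LEAF to the trusted ROOT can be built from
# what the server sent, "incomplete" otherwise. The optional third argument is
# the file of intermediates the server includes in its handshake.
chain_status() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1 \
      && echo complete || echo incomplete
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 \
      && echo complete || echo incomplete
  fi
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
build_demo_pki "$demo"
echo "server sends leaf only:           $(chain_status "$demo/root.pem" "$demo/leaf.pem")"
echo "server sends leaf + intermediate: $(chain_status "$demo/root.pem" "$demo/leaf.pem" "$demo/inter.pem")"
```

Against a live host, `openssl s_client -connect HOST:443 -servername HOST -showcerts` lists the certificates the server actually sends; a list containing only the leaf is the situation reported in this thread.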
