Hi,

I noticed your server certificate is issued by a commonly trusted
authority but in some circumstances clients still have difficulties
validating it.

The reason for that is that your certificate is issued by
"CN = Starfield Secure Certification Authority"
which is an intermediate certificate authority (issued by "OU =
Starfield Class 2 Certification Authority"). Debian's ca-certificates
(ver. 20090814+nmu2) comes with
"OU = Starfield Class 2 Certification Authority"
which is considered to be trusted.

To allow an SSL/TLS client to validate all the chain up to a trusted
root CA, it should have all the certificates in the chain. With Apache
it's usually done with "SSLCertificateChainFile" option.

Manual testing is possible with:
openssl s_client -connect dev.openwrt.org:443 -CApath /etc/ssl/certs/

HTH
-- 
Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software!
mailto:fercer...@gmail.com
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
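
Added example, not part of the original message: a constructed root, intermediate and server certificate, checked with `openssl verify` the way a client sees them when the server sends only its own certificate and when it also sends the intermediate. All names and files are made up, and the constructed root (passed with -CAfile) stands in for the trusted root in /etc/ssl/certs.

```shell
#!/bin/sh
# Constructed three-level PKI (root -> intermediate -> leaf); all names are made up.
build_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    # Root CA: stands in for the root already present in the client's trust store.
    openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/OU=Demo Class 2 Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root: the certificate the server must also send.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Secure Intermediate CA" \
        -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/demo.cnf" -extensions v3_ca -days 2 \
        -out "$d/inter.pem" 2>/dev/null || return 1
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=server.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -extfile "$d/demo.cnf" -extensions v3_leaf -days 2 \
        -out "$d/leaf.pem" 2>/dev/null || return 1
}

# Client view when the server sends only its own certificate: no path to the root.
verify_leaf_only() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1; }

# Client view when the intermediate is sent too (untrusted, used only for path building).
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir" || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
verify_leaf_only "$demo_dir"  && echo "leaf only: OK" || echo "leaf only: FAILED (issuer not found)"
verify_with_chain "$demo_dir" && echo "with intermediate: OK" || echo "with intermediate: FAILED"
```

The temporary directory is left in place so the generated files can be inspected with `openssl x509 -noout -subject -issuer`.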
