Protip: an incomplete TLS certificate chain will force an interstitial warning on mobile browsers! On desktop, most browsers will automatically fetch the missing intermediate certificates, which masks the problem, but on mobile the behavior is exactly the opposite: most browsers will throw an interstitial warning like the one you see below... and you definitely don't want that. Terrible user experience, terrible performance, terrible everything!
How do you know that your servers are configured correctly? You can use a tool like Qualys SSL Server Test [1] to run a check -- it'll flag missing certificates in its report. Also, as a general tip... don't forget to test on real mobile browsers. That'll help you catch stuff like this.
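A local way to run the same kind of check, as an added example that is not part of the original post: it assumes the `openssl` command-line tool, and the demo PKI names (Demo Root, Demo Intermediate, demo.example) and all function names are constructed for illustration. It verifies the leaf using only the certificates the server sent, so a chain that works only because a browser auto-fetches the intermediate is reported as incomplete.

```shell
# Added example (not from the original post). Requires the openssl CLI.
# new_csr PREFIX CN: create PREFIX.key and PREFIX.csr (constructed demo names).
new_csr() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# make_demo_pki DIR: constructed root -> intermediate -> leaf PKI, plus the two
# bundles a server could send: leaf only (misconfigured) and leaf + intermediate.
make_demo_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root" && new_csr "$d/int" "Demo Intermediate" &&
    new_csr "$d/leaf" "demo.example" || return 1
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -out "$d/leaf.pem" 2>/dev/null || return 1
  cp "$d/leaf.pem" "$d/served_incomplete.pem"
  cat "$d/leaf.pem" "$d/int.pem" > "$d/served_complete.pem"
}

# fetch_served_chain HOST [PORT]: print exactly the certificates a live server
# sends in its handshake (needs network access; not used by the offline demo).
fetch_served_chain() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" -showcerts \
    </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# served_chain_complete CA_PEM SERVED_PEM: succeed only if the first certificate
# in SERVED_PEM (the leaf) verifies against the anchors in CA_PEM using just the
# certificates the server sent. openssl verify does not download missing
# intermediates, so a chain that only works via auto-fetch fails here.
served_chain_complete() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# demo: prints one verdict per constructed bundle.
demo() {
  t=$(mktemp -d) && make_demo_pki "$t" || return 1
  for b in served_incomplete served_complete; do
    if served_chain_complete "$t/root.pem" "$t/$b.pem"; then echo "$b: complete"
    else echo "$b: INCOMPLETE (missing intermediate)"; fi
  done
  rm -rf "$t"
}
```

Run `demo` to see both verdicts offline; for a live host, save the output of `fetch_served_chain` to a file and pass your system's CA bundle as `CA_PEM`.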
For more on optimizing the certificate chain, see the relevant HPBN section: http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#_certificate_chain_length
reference: https://plus.google.com/u/0/+IlyaGrigorik/posts/XZbup6LjoTF