[SOLVED] iOS Safari Not Trusted


#1

When I go to my website in Desktop Chrome, Mobile Chrome, or Desktop Safari, my site is trusted and everything is fine and dandy. However, whenever I go to mobile Safari it is untrusted. The server MeanJS and I referenced the cert.pem and the privkey.pem as that was the only ones to input in the config file. Am I missing something or is iOS Safari not supported yet?

Thanks

EDIT: Website if anybody wants to try it: https://awesomevote.xyz


#2

BTW pretty bad SSL config: https://www.ssllabs.com/ssltest/analyze.html?d=awesomevote.xyz&latest


#3

Thanks, how can I fix that protocol mismatch that fails iOS 9?


#4

Ah right. So it’s possibly not a trust, but a connection issue.
However according to SSLLabs Safari 9 / iOS 9 should work with your site and choose TLS v1.0 and TLS_RSA_WITH_AES_256_CBC_SHA (0x35).

However I’d recommend you to improve your config (including the cipher list - 3 non-Forward-Secrecy ciphers may not be the optimal decision :wink: ) - this may also fix the connection issue if this is the problem.


#5

Do you send the full certificate chain ?

Take a look here:


#6

@drakee510 In addition to @rugk comments, I think that the first thing you should take care is to provide the certificate in the right way, I mean, you are not providing the chain for the certificate. You should configure your web server (as far as I can see is express node js) to use the cert, the private key and the chain cert or maybe the fullchain.

Sorry, I never used that kind of server but first try to change cert.pem by chain.pem and try again, if that doesn’t work try with fullchain.pem and if that doesn’t work too, take a look to the docs to see how you should specify the cert, the key and the chain.


#7

Thanks everyone, using the fullchain worked in place of the cert. I’m using MeanJS and there is little documentation on SSL, there is only a spot for CERT and PRIVKEY in the config files. Providing fullchain for the cert option seemed to fix the issue.


#8

What the…? Why does this link get so much clicks?