We have a website that has an SSL Certificate from GoDaddy. Our Japanese Office is reporting that some of their clients cannot access the secure site via their mobile phone. Apparently one of the major carriers does not have root certs for GoDaddy.
Other than picking a cert from another vendor, what are our options?
Update: The reason we cannot easily change the cert vendor is that the site is hosted by our software vendor, so I'm sort of at their mercy.
Typically if the SSL vendor signs your certificate with an intermediate cert, they provide you the intermediate cert to install on your server as the CA cert. The intermediate cert should then be signed by the cert that is installed in the browser. Did you not install the intermediate certificate?
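The case this answer describes, next to the case in the question, as an added example that is not part of the original thread: a client that trusts only a root accepts the site when the server also sends the intermediate, rejects it when the server sends the leaf alone, and rejects it either way when the issuing root is missing from its store. All certificates and names, and the helpers `issue` and `clientAccepts`, are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a throwaway demo certificate; a nil parent means a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // demo only: key-generation error ignored
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed: the template is its own issuer
		parent, pkey = t, key
	}
	der, cerr := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	cert, perr := x509.ParseCertificate(der)
	if cerr != nil || perr != nil {
		panic(fmt.Sprint(cerr, perr))
	}
	return cert, key
}

// clientAccepts models a client whose store holds only `trusted` and which is
// sent `sent` by the server (leaf first, then any intermediates).
func clientAccepts(trusted *x509.Certificate, sent ...*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted)
	for _, c := range sent[1:] {
		inter.AddCert(c)
	}
	_, err := sent[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err == nil
}

func main() {
	root, rk := issue("Demo Root CA", true, nil, nil)
	inter, ik := issue("Demo Intermediate CA", true, root, rk)
	leaf, _ := issue("www.example.test", false, inter, ik)
	other, _ := issue("Other Root CA", true, nil, nil) // stands in for a store lacking the issuing root
	fmt.Println("leaf only, root trusted:        ", clientAccepts(root, leaf))
	fmt.Println("leaf + intermediate, root trusted:", clientAccepts(root, leaf, inter))
	fmt.Println("leaf + intermediate, root absent: ", clientAccepts(other, leaf, inter))
}
```

Installing the intermediate on the server fixes only the first failure; the third is the situation the question reports, and nothing the server sends changes it.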
Each phone has some sort of web browser, and that browser has a certificate store, but usually there is no way to import certs permanently into those browsers. I'd guess that you probably need to figure out how to host the proper cert on your site so that the cell phone can download and TEMPORARILY install the cert chain (for the current session) before it starts the web transaction with your site.
Please don't mark me down for this. I'm just trying to help.
You're pretty much up the creek without a paddle. Verisign used to be the safest vendor to use. These days Thawte is safe as well.
Here's one of the few handset specifications in English: http://communaute.imode.fr/pages/13/i-mode_Handset_specification_N343i.pdf
It's a 2005 model - but shows in the specs the SSL providers supported. The newer models do support more providers, but better to be safe than sorry.
The only other way would be to allow the site over http and for the http version restrict it to the IP range for mobiles from Docomo, AU, Softbank, Willcom and E-Mobile. Somewhat of a security hole and not something I'd recommend - but I guess an option depending on the content. For the IP ranges - you'll probably have to get your Japanese office to do some googling or contact the companies. I know they used to be available.
I've used both RapidSSL and InstantSSL in the past. Depending on what cert you're looking for the prices are different so I recommend shopping the two sites for the best price.
I also recommend calling them up and seeing if you can get an even cheaper price (I've done it but can't remember which one), although you typically need to go multiple years or get a wildcard cert. Nobody wants to give a discount on a dirt cheap single cert. :-)
RapidSSL
http://www.rapidssl.com
InstantSSL
http://www.instantssl.com