Nexus Player does not support some newer SSL certificates that are supported by Chromecast

[GoogleCodeExporter]

I updated recently the http server hosting my cast receiver to use a newer SSL 
certificate making use of an intermediate CA named "RapidSSL SHA256 CA - G3":

https://ssl-tools.net/certificates/nakw2x-rapidssl-sha256-ca-g3

The Chromecast loads the receiver just fine, but not the Nexus Player.

Please add support for this certificate in the Nexus Player, and ensure that 
both the Nexus Player and the Chromecast support the same certificates. 

Original issue reported on code.google.com by pujos.mi...@gmail.com on 4 Feb 2015 at 6:23

[GoogleCodeExporter]

Chromecast doesn't actually have that CA either.

Rather, Chromecast supports AIA to fetch missing intermediate certificates, if 
your server doesn't communicate the intermediate cert. Unfortunately, Android 
across the board doesn't support AIA. I expect if you try to navigate to your 
receiver page over HTTPS in Android Chrome, it will present a certificate error 
for the same reason. (We've already seen this happen with about a dozen 
receiver applications and have been working with them to fix it).

I recommend trying to check your domain at https://www.ssllabs.com/ssltest/ and 
make sure it doesn't list any "extra downloads". You should configure your site 
to return the intermediate CA cert along with your cert.

Original comment by gun...@google.com on 5 Feb 2015 at 1:54

[GoogleCodeExporter]

Thank you for your detailed explanation.
I've fixed it so the intermediate cert is sent by the server.

Original comment by pujos.mi...@gmail.com on 5 Feb 2015 at 11:16

[GoogleCodeExporter]

Original comment by jonathan...@google.com on 5 Feb 2015 at 10:15

• Changed state: Invalid