[android stock 2.2] login.{mozilla,allizom}.org lacks equifax cross-root certificate

[jrgm]

@mostlygeek: Ask @gene1wood - we need this to not have ssl certificate issues on, ugh, the lamer-than-ie8 stock browser on android 2.2

[gene1wood]

Here's the cross root cert to add to the chain : https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1426&actp=search&viewlocale=en_US&searchid=1283360269668

[vladikoff]

Related issue https://github.com/mozilla/browserid/issues/3633

[gene1wood]

@vladikoff I don't think that issue relates to this one. I believe this issue is a straight forward cross root certificate issue which we know how to solve. The issue you referenced is not related to cross root issues and is something else that we haven't yet identified.

[vladikoff]

@gene1wood ohhh, so many 2.2 issues :\

[mostlygeek]

thanks @gene1wood. I added the cert to the chain. Redeploying the staging server so @jrgm can test it again.

[mostlygeek]

@jrgm the staging server (https://login.allizom.org) has been updated with the cross root cert added to the chain. Could you please check with Android 2.2 again to see if that resolves the issue?

[jrgm]

@mostlygeek On login.allizom.org, I see the equifax cross-root in the chain, and this android stock 2.2 browser no longer shows a warning.

I don't see the same things for login.mozilla.org, and you're probably going to change it there (after I confirm here). So, yeah, do that.

[mostlygeek]

@jrgm great. We're hoping to do a push for Moz-IdP sometime this week when the QA is finished. That should resolve this issue for login.mozilla.org then.

[shane-tomlinson]

@jrgm - "lamer-than-ie8 stock browser on Android 2.2" has just made my day.