SSL is working for Desktop but not for Mobile

Digital Certificates SSL Certificate
1

SSL is working for Desktop but not for Mobile

I received the 4 files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
paprikaonline_com_br.crt

My server is ubuntu, I did as the indicated support, put the files in a directory, did the notes in apache and restarted the same.

<VirtualHost *:443>
ServerName paprikaonline.com.br
ServerAlias www.paprikaonline.com.br
ServerAdmin webmaster@paprikaonline.com.br
DocumentRoot /var/www/html

<files xmlrpc.php>
  order allow,deny
  deny from all
</files>

    <Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on

    SSLCertificateFile /home/loja/ssl/paprikaonline_com_br.crt
    SSLCertificateKeyFile /home/loja/ssl/HSSL-57aa136bb9272.key
    SSLCACertificateFile /home/loja/ssl/paprikaonline_com_br.crt
    SSLCACertificateFile /home/loja/ssl/paprikaonline_com_br.crt


    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

It still did not work

In the sequence I unified the first two files AddTrustExternalCARoot.crt and COMODORSAAddTrustCA.crt into only 1, generating the paprika.com.br.ca-bundle

The new config is:

<VirtualHost *:443>
ServerName paprikaonline.com.br
ServerAlias www.paprikaonline.com.br
ServerAdmin webmaster@paprikaonline.com.br
DocumentRoot /var/www/html

<files xmlrpc.php>
  order allow,deny
  deny from all
</files>

    <Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on

    SSLCertificateFile /home/loja/ssl/paprikaonline_com_br.crt
    SSLCertificateKeyFile /home/loja/ssl/HSSL-57aa136bb9272.key
    SSLCACertificateFile /home/loja/ssl/paprikaonline_com_br.crt
    SSLCertificateChainFile /var/www/html/paprika.com.br.ca-bundle  <<--- new file


    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

SSL works on both the computer and the mobile phone.

2

You need to cat your CA certificates in to one file, since you did not get a pre-made bundle. If I connect to your site with OpenSSL’s s_client, I see a missing Intermediate CA

---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=paprikaonline.com.br
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---

You can create your own bundle by doing the following:

cat COMODORSADomainValidationSecureServerCA.crt ComodoRSAAddTrustCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle

Support Link: How do I make my own bundle file from CRT files?

Alternatively, you can download the pre-made bundle from the support site… comodo-rsa-domain-validation-sha-2-w-root.ca-bundle (via support.comodo.com)