Banging My Head Against SSL Certificates

I'm so glad that Chrome is a secure browser.

No, really.

I got a free SSL server certificate from StartSSL.com, installed it, and tested access to my site. But Chrome gave the BAD SSL icon. So I installed the certificate a little differently. Same result. Yet a different way. Still the same result.

It wasn't until I actually looked up the error message that I learned that Chrome was head and shoulders more secure than any other browser out there, supporting Certificate Transparency (CT), and the Certificate Authorities aren't keeping up (some, like StartSSL, by choice).

The short version is that Chrome supports a new SSL initiative, promoted by Google, to have browsers compare a website's SSL certificate with a log database published by the certificate authorities. If the certificate authority won't verify the issuance of the certificate in real time, Chrome indicates that the SSL connection is not as good as it could be.

I don't know of any other browsers that use CT. And because I didn't actually read Chrome's error message until two hours into my debugging and troubleshooting, my education about CT came at a high price of hours of head-banging.

Ah, the tuition costs at the School of Hard Knocks.