| Sigh. I spent way too much time picking these particular certs and they've gone and messed it up. :) The cross-root cert should work, but you need to make sure it's presented in the right order, I think. FWIW, my latest RapidSSL-through-Namecheap certs were issued by: issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority And that's the "good"/trusted CA. I'm not sure when they made the switch, but I only got this cert issued a couple of months ago. FWIW, we also support Docomo phones, and that is a huge pain in the ass. The only CA that works there is: i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority If you don't need to support really old mobile devices, the best certs going are, IMHO, Digicert. They get chained all the way back to Entrust: 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV CA-1
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority And the company has some of the best customer service going anywhere. |
Not only that, they check your installed cert after you buy it and email you if you installed it incorrectly: http://www.digicert.com/help/