He stressed that this should only be validated if you are sending SNI.
There are some situations that exist that could lead to the client software not being able to connect to Google using SSL when the upgrade is complete.
It installs to prefix /usr/local/ssl by default in your setup when you leave off the prefix.
You probably have "/usr/local/ssl/bin/openssl" instead of overwriting /usr/bin/openssl.
Mc Henry assured users the changes won't cause problems for most client software, but does state that certain configurations will require taking extra steps in order to avoid problems. He said that this is the software embedded in devices like tablets, phones, gaming consoles, set-top boxes, printers, and cameras.
In order to make sure things go well, any client software that connects to Google using SSL connections (like HTTPS) should do the following as quoted from Mc Henry's blog post.: Google points out Windows Vista, 7, and 8 systems could run into trouble: “Windows Vista, 7, and 8 will phone home to get updated Roots if the chain goes back to a Root they do not recognize.
Google To Update SSL Certificates In an ever-changing industry, one that is full of malicious activity and hackers against cheap hosting sites and mobile apps, Google has announced they are upgrading their SSL certificates to 2048-bit keys by the end of this year.
Note: The Graphical User Interface for Net Scaler software release 10 and later is different than Net Scaler 9.3.XP does not, but the latest updated version does trust the root certificate we will be using.” Mc Henry also told users clients should support the Server Name Indication (SNI) extension due to the fact these clients might need to make an additional API call in order to set the hostname on an SSL connection.If a client is unsure about SNI support, it can be tested against the URL https://googlemail You can also download the server certificate from the CA's website directly.Remember to select the Apache Certificate option when downloading the certificate.