I have a WordPress 3.5 application set up on IIS8 on Server 2012. I also have an extension written by WordPress called JetPack which performs activation over jetpack.wordpress.com, using the "*.wordpress.com" SSL certificate, which is a Go Daddy wildcard cert. When I attempt to activate the extension, I get "self signed certificate in certificate chain". Running NetMon, during SSL/TLS negotation, it looks like it is attempting to nego TLS 1.0. However, after the TLS Rec Layer-1 HandShake: Client Hello from the jetpack.wordpress.com server to my server, my server sends back a TLS Rec Layer-1 Encrypted Alert. The hex of the frame is:
54 7F EE 53 98 C1 00 15 5D 46 B9 46 08 00 45 02 00 2F 54 CD 40 00 80 06 5E 65 0A 4C FE 44 4A C8 F4 3B C0 CF 01 BB 11 E3 12 BE 6D 73 DA AC 50 18 01 FE EE E1 00 00 15 03 01 00 02 02 30
My understanding, from http://blogs.msdn.com/b/sudeepg/archive/2009/02/16/debugging-ssl-handshake-failure-using-network-monitor-a-scenario.aspx, is that 30 hex (48 dec) translates to "unknown_ca" in the TLS spec. My thought is that there is a cert in the chain that is untrusted, although connecting to the site via IE10 on the server itself doesn't display any issues.
Any thoughts? I've done the whole import-the-chain game and have not been able to resolve it.
The server is running WordPress 3.5, PHP 5.4 with the OpenSSL extension enabled, FastCGI, and Windows Cache Extension 1.3 for PHP 5.4.