?
Solved

Godaddy SSL not working right in Safari

Posted on 2008-10-10
4
Medium Priority
?
4,171 Views
Last Modified: 2011-10-19
Recently installed a godaddy ssl certificate. It's working fine in FF and IE, but in Safari we get the error "Safari can't verify the identity of the website ... ". After clicking continue and viewing the certificate by clicking the lock it says "This certificate was signed by an unknown authority"

Furthermore, when I look at a working ssl by going to say, https://godaddy.com... It shows a hierarchy with valicert on top.

With ours, there's no heirarchy - just www.ourdomain.com.

0
Comment
Question by:susanBuck
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22687313
You probably need to install the root certificate chain (root, intermediate, subordinate, etc.) for godaddy.  Most commercial CA's will include that in their email or a link to it, which would be best to get the correct root CA cert as godaddy uses a couple different ones over time.  Valicert is the most commonly used one, although they do use a few others - agian your email from them would probably mention which one you need, if not you could contact their tech support to determine which one to use.  You would want to do this on both the server and on each client.  Its easiest to push the certificate to your clients, presuming you have that capability set up for your Apple boxes.  For your clients, you could probably download the latest version of Safari - it may be included in a more recent version (maybe, depending on which root).

Here is a link for their instructions for your webserver:
https://certs.godaddy.com/InstallationInstructions_alt.go

Here is the link for their root cert repository
https://certs.godaddy.com/Repository.go#root_der

To install the root cert, it should go something like:
1) Download the .crt file for the appropriate root CA chain
2) 'View Certificates' to make sure it is what you expect
3) Select 'X509Anchors' from the 'Keychain' dropdownlist and press 'OK'.
4) You will be asked to authenticate yourself. After that, the certificate will be installed.
0
 

Author Comment

by:susanBuck
ID: 22690824
I'm not exactly sure which root cert im supposed to be using? Below is my settings in virtual host.

In this iteration I have it set to valicert_class2_root.crt but i've tried ca_bundle.cert, gd_bundle.crt, gd-class2-root.crt (all the ones ive seen mentioned for in topics of people having similar problems).


#ssl config
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/valicert_class2_root.crt 

Open in new window

sslBad.png
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 22712924
Yep, looks like this is coming from their own CA - this is the 'new' one that was added to most root cert programs over the last year or so for many programs, not sure how many things they have worked their way into yet.

Here's the root you want:
https://certs.godaddy.com/repository/gd-class2-root.crt
Go Daddy Class 2 Certification Authority Root Certificate
gd-class2-root.crt
Certificate Thumbprint Algorithm: sha1
Certificate Thumbprint: 27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4


Here's the intermediate you want:
https://certs.godaddy.com/repository/gd_intermediate.crt
Go Daddy Secure Server Certificate (Intermediate Certificate)
gd_intermediate.crt
Certificate Thumbprint Algorithm: sha1
Certificate Thumbprint: 7C 46 56 C3 06 1F 7F 4C 0D 67 B3 19 A8 55 F6 0E BC 11 FC 44
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22713024
Ack, forgot their old intermediate was called the same thing!  From the screenshot, you can click on the the Details for more information to make sure.  There's still a good chance of it though.  If this is just for one or two boxes, you could go through the details and open up each cert leading up to the root and click the Trust button and that should do it also.  
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question