Solved

Godaddy SSL not working right in Safari

Posted on 2008-10-10
4
4,132 Views
Last Modified: 2011-10-19
Recently installed a godaddy ssl certificate. It's working fine in FF and IE, but in Safari we get the error "Safari can't verify the identity of the website ... ". After clicking continue and viewing the certificate by clicking the lock it says "This certificate was signed by an unknown authority"

Furthermore, when I look at a working ssl by going to say, https://godaddy.com... It shows a hierarchy with valicert on top.

With ours, there's no heirarchy - just www.ourdomain.com.

0
Comment
Question by:susanBuck
  • 3
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22687313
You probably need to install the root certificate chain (root, intermediate, subordinate, etc.) for godaddy.  Most commercial CA's will include that in their email or a link to it, which would be best to get the correct root CA cert as godaddy uses a couple different ones over time.  Valicert is the most commonly used one, although they do use a few others - agian your email from them would probably mention which one you need, if not you could contact their tech support to determine which one to use.  You would want to do this on both the server and on each client.  Its easiest to push the certificate to your clients, presuming you have that capability set up for your Apple boxes.  For your clients, you could probably download the latest version of Safari - it may be included in a more recent version (maybe, depending on which root).

Here is a link for their instructions for your webserver:
https://certs.godaddy.com/InstallationInstructions_alt.go

Here is the link for their root cert repository
https://certs.godaddy.com/Repository.go#root_der

To install the root cert, it should go something like:
1) Download the .crt file for the appropriate root CA chain
2) 'View Certificates' to make sure it is what you expect
3) Select 'X509Anchors' from the 'Keychain' dropdownlist and press 'OK'.
4) You will be asked to authenticate yourself. After that, the certificate will be installed.
0
 

Author Comment

by:susanBuck
ID: 22690824
I'm not exactly sure which root cert im supposed to be using? Below is my settings in virtual host.

In this iteration I have it set to valicert_class2_root.crt but i've tried ca_bundle.cert, gd_bundle.crt, gd-class2-root.crt (all the ones ive seen mentioned for in topics of people having similar problems).


#ssl config

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.mydomain.com.key

SSLCertificateChainFile /etc/httpd/conf/ssl.crt/valicert_class2_root.crt 

Open in new window

sslBad.png
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22712924
Yep, looks like this is coming from their own CA - this is the 'new' one that was added to most root cert programs over the last year or so for many programs, not sure how many things they have worked their way into yet.

Here's the root you want:
https://certs.godaddy.com/repository/gd-class2-root.crt
Go Daddy Class 2 Certification Authority Root Certificate
gd-class2-root.crt
Certificate Thumbprint Algorithm: sha1
Certificate Thumbprint: 27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4


Here's the intermediate you want:
https://certs.godaddy.com/repository/gd_intermediate.crt
Go Daddy Secure Server Certificate (Intermediate Certificate)
gd_intermediate.crt
Certificate Thumbprint Algorithm: sha1
Certificate Thumbprint: 7C 46 56 C3 06 1F 7F 4C 0D 67 B3 19 A8 55 F6 0E BC 11 FC 44
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22713024
Ack, forgot their old intermediate was called the same thing!  From the screenshot, you can click on the the Details for more information to make sure.  There's still a good chance of it though.  If this is just for one or two boxes, you could go through the details and open up each cert leading up to the root and click the Trust button and that should do it also.  
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Reverse Proxy Server 6 78
How to find Tomcat initial memory and Max memory through command line windows 12 143
Updating PHP in Windows Server 2012 r2 22 100
SSL sertificate 5 57
This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now