Comments on: GoDaddy SSL Certificates and Cannot Verify Identity on Mac/Safari

By: Harold

Harold — Fri, 17 Jun 2011 02:17:44 +0000

Perfect! Thanks for this- just the solution I needed.

By: Sole

Sole — Sat, 25 Dec 2010 16:20:59 +0000

The problem now also exist for GeoTrust certificates, that are now chained instead of single root. A quick way to test if the server is responding correctly with intermediate certificates is to test the website/server with an online ssl tester like http://www.ssltest.net. Most administrators miss this problem, because alot of browsers automatically fix this problem by downloading the intermediate for the user.

By: Advantages of LuxSci/Thawte SSL Certificates over Go Daddy | LuxSci FYI

Advantages of LuxSci/Thawte SSL Certificates over Go Daddy | LuxSci FYI — Mon, 04 Jan 2010 14:31:16 +0000

[...] will receive error messages when accessing your site, unless you take extra steps to install additional certificate chains on the web server. This could cost a business more than any difference in certificate [...]

By: Marcyes / GoDaddy SSL Certificates and Cannot Verify Identity on Mac/Safari « Boxed Ice Blog

Thu, 19 Nov 2009 18:01:56 +0000

[...] GoDaddy SSL Certificates and Cannot Verify Identity on Mac/Safari « Boxed Ice Blog This was the fix we used to finally get the SSL certificate up and running on Noopsi. [via blog.boxedice.com ] [ programming, server, ssl ] permalink Latest Updates from this link [...]

By: John Boxall

John Boxall — Mon, 31 Aug 2009 23:57:55 +0000

Thanks!

On NGINX you just need to append the cert bundle onto your existing cert:
$ cd /etc/ssl/certs/
/etc/ssl/certs$ wget https://certs.godaddy.com/repository/gd_bundle.crt
/etc/ssl/certs$ cat gd_bundle.crt >> myssl.crt

http://wiki.nginx.org/NginxHttpSslModule

By: Kevin

Kevin — Fri, 24 Jul 2009 02:18:49 +0000

Fantastic. This is exactly the problem I was having and this solution is just what I needed.

By: Fannar

Fannar — Wed, 24 Jun 2009 10:35:03 +0000

I had similar problem with Comodo (InstantSSL.com) and I was using NginX and couldn’t find a way to include Cert Chain File (ca-bundle etc.). So I appended the ca-bundle file to the certificate and used that as my certificate file.

I.e.

crt + ca > crt

cp domain.com.crt comodo.ca-bundle > domain.com_ca.crt

And in Nginx config:

ssl_certificate /etc/ssl/certs/domain.com_ca.crt;
ssl_certificate_key /etc/ssl/private/domain.com.key;

By: MLH

MLH — Tue, 16 Jun 2009 06:00:53 +0000

This issue is usually caused by issues with not installing the intermediate certificates (root certificates as referenced). The intermediate certificate can be downloaded by clicking on the link embedded in the email message you receive upon certificate issuance. It is also available from the repository on http://certificates.starfieldtech.com/Repository.go. The Godaddy root certificate – the Valicert Class 2 Policy Validation Authority – is installed in the following browser versions:
-Internet Explorer 5.01 and higher
-AOL 5 and higher
-Netscape 4.7 and higher
-Opera 7.5 and higher
-Safari on Mac OS X 10.3.4 and higher
-Mozilla (all versions)
-Firefox (all versions)
-Konqueror (all versions
-Palm OS 6.1 and higher (also Treo 650)
-BlackBerry OS 4.1 and higher
-Sony Playstation Portable 2.5 and higher
-Microsoft Windows Mobile 2005 AKU 2 and higher
-Sun Java Runtime (JRE) 1.4.2_07 and higher and 1.5.0_02 and higher
-ACCESS NetFront 3.3 and higher
-Cingular WAP Gateways (any Cingular phone which uses WAP version 1.X for Web browsing)

*Many Nokia devices manufactured in 2007 and later
Apple iPhone (both EDGE and 3G)

By: Jason Pearce

Jason Pearce — Thu, 21 May 2009 13:35:51 +0000

I experienced this problem this week. I have two subdomains, each with a GoDaddy certification. Mac Safari trusted one, but not the other.

Ends up that the Netgear ProSafe VPN Firewall FVS336G that I installed the GoDaddy certification is unable to provide the full issuing certificate chain all the way back to the root SSL certificate, even though I have installed the gd_bundle.crt on the Netgear.

I’ve invested a week in setting up SSL VPN on this Netgear with many hours of tech support on the phone. If anyone is considering this product, I don’t advise it.

Thanks for sharing this tip.

By: David M

David M — Mon, 11 May 2009 21:40:12 +0000

I didn’t mention it but the same issued applied for the regular certificate for http://www.boxedice.com as well. Perhaps it is due to ISS / Apache differences.