[thelist] GoDaddy SSL Verification

Ken Schaefer Ken at adOpenStatic.com
Wed Jul 16 04:56:06 CDT 2008

> -----Original Message-----
> From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org]
> On Behalf Of Fred Jones
> Subject: Re: [thelist] GoDaddy SSL Verification
> On Wed, Jul 16, 2008 at 2:47 AM, Ken Schaefer wrote:
> > You probably have a certificate chaining issue. FF2 maintains its own
> trusted root and intermediate cert store (from what I recall).
> >
> > Did you install all the intermediate CA certs onto your webserver?
> No--I was not aware of such an issue actually. How does one do that?

OK - if you have look at the cert chain you have the following:

GoDaddy Class 2 Certification Authority
  +- GoDaddy Secure Certification Authority
      + YourWebSiteCommonName (obfuscated to protect the guilty)

I checked in FF2, and the root CA is a trusted root CA. However the intermediate/subordinate CA doesn't appear to be there.

Depending on your webserver software, follow the appropriate link here:

Most browsers will basically be able to request a certificate chain from the webserver as part of the SSL/TLS handshake as long as the chain ends in an existing trusted root CA. So, you add the intermediate CA certs to your webserver, and the browser is able to request those intermediate certs as long as GoDaddy Class 2 CA is an existing trusted root CA.

Some mobile browsers (and possibly other non-mainstream devices/clients/browsers) are unable to do this, so they need to have every CA in the chain in the trusted root CA store, or the Intermediate CA store. In that case, you are better off buying from one of the more established parties if you have no mechanism for installing those CA certs manually on the device.


M.BT (UNSW), B.Com
Microsoft MVP  - Windows Server (IIS)
MCITP (x3), MCTS (x7)
MCSE + Security (2003)
MCDBA (2000)

More information about the thelist mailing list