GoDaddy SSL Not Working

transmobius

I got a 'Turbo SSL' cert from GoDaddy a few months ago. It installed and seemed to function fine, but I've been getting e-mail from lots of people saying my site is popping up 'Security Alert - issued by a company you have not chosen to trust' in IE, and 'Website Certified by an Unknown Authority' in Mozilla. It loads fine for me though, no warnings.

GoDaddy has install instructions for quite a few servers and control panels but not DA, they say contact your software vendor . . . I followed the DA help file (http://www.site-helper.com/ssl.html) and, like I said, it was flawless on my system.

What should I do now?
 
GoDaddy's tech support is telling me that the server is not offering the 'intermediate' certificate.

Currently I have three certs in the SSL page, it looks like this:

-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This one is my certificate from GoDaddy
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Here is the intermediate certificate
(sf_issuing.crt)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Finally, the CA Root Certificate
(valicert_class2_root.crt)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
 
Your httpd.conf file for that domain should have all three of these entries:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

I am guessing yours does not include the SSLCertificateChainFile setting pointing to your sf_issuing.crt file.
 
BINGO!

A fabulous no-prize and a virtual beer for toml!

The /usr/local/directadmin/data/users/..../httpd.conf had:
SSLCertificateFile /usr/local/directadmin/data/users/...My Cert
SSLCertificateKeyFile /usr/local/directadmin/data/users/...Key File
SSLCACertificateFile /usr/local/directadmin/data/users/...CA Cert

but no entry for SSLCertificateChainFile

I added an entry for it between SSLCertificateKeyFile and SSLCACertificateFile,
restarted Apache and now everything resolves nicely.
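
An added example, not part of the original posts and not DirectAdmin's code: a small audit that flags SSL virtual hosts configured like the one above, with a certificate and key but no chain file, so the gap is caught before visitors report trust warnings. The function name `audit`, the sample address, hostname and paths are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the vhost quoted in the thread.
# Address, hostname and paths are placeholders, not values from the page.
BEFORE = """
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/example/site.crt
    SSLCertificateKeyFile /etc/ssl/example/site.key
    SSLCACertificateFile /etc/ssl/example/ca.crt
</VirtualHost>
"""
# The fix from the thread: a chain entry between the key and CA entries.
AFTER = BEFORE.replace(
    "    SSLCACertificateFile",
    "    SSLCertificateChainFile /etc/ssl/example/sf_issuing.crt\n"
    "    SSLCACertificateFile",
)

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(SSL\w+)\s+(.+?)\s*$", re.M)
PEM_CERT = "-----BEGIN CERTIFICATE-----"


def audit(conf_text, cert_files=None, apache_248_plus=False):
    """Return [(vhost_address, reason)] for SSL vhosts that send only the leaf.

    cert_files maps a path to its PEM text so the check needs no disk access.
    apache_248_plus: Apache 2.4.8 and later also load intermediates appended
    to SSLCertificateFile; older servers (as in the thread) ignore them.
    """
    cert_files = cert_files or {}
    findings = []
    for address, body in VHOST_RE.findall(conf_text):
        directives = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        leaf_path = directives.get("sslcertificatefile")
        if leaf_path is None:
            continue  # not an SSL vhost
        if "sslcertificatechainfile" in directives:
            continue  # intermediate is configured explicitly
        bundled = cert_files.get(leaf_path, "").count(PEM_CERT) > 1
        if apache_248_plus and bundled:
            continue  # intermediates ride along in the leaf file
        reason = "no SSLCertificateChainFile; intermediate is not served"
        findings.append((address.strip(), reason))
    return findings


if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A browser that already holds the intermediate from an earlier visit to another site will validate the chain anyway, which is consistent with the original poster seeing no warning while visitors did.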
 
The chain certificate can easily enough be added from the SSL screen when logged in to DA as the user who owns the website.

Jeff
 
That is what I was expecting, but people browsing the site said it wasn't working. I did notice that the SSLCertificateFile file contained all three certs (as listed above). When I did the edit to httpd.conf I also edited SSLCertificateFile so that it only listed my cert. Now the SSL screen in DA looks like this:

-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This one is my certificate from GoDaddy
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

With no mention of either the chaining cert or the CA . . . But it is working now.
 
If GoDaddy supplied a cert file with multiple certs then they should have documented how to use it.

Jeff
 
GoDaddy Turbo SSL step by Step?

I got a little lost on this thread. What's the step-by-step for installing the GoDaddy Turbo SSL and eliminating the Firefox warning message?
This has been an exceptional hassle. I do appreciate your help.
I have the cert GoDaddy issued plus downloaded the root certs etc. from the repository.
www.MYDOMAIN.com.crt gets pasted below private key in user SSL.

I did the "click here to add root" and pasted sf-class2-root.crt and checked the box for Use CA Cert.

I think this is correct, but apparently I need to put sf_intermediate.crt somewhere.
???
 
Does it work in IE7?

It appears that FF doesn't recognize the cert issuer (GoDaddy). Did GoDaddy give you multiple certs to install? If so, then you have to install the "other" one into DA.

Look here and search for Step 4: Install the CA Root Certificate.

If this doesn't help, Check with GoDaddy support. They have very good telephone support.

Jeff
 
Very odd - I've done all that - it works in IE7 and I already have a CA certificate installed - still problems in Firefox.

I have spoken with GoDaddy support a few times and they don't offer DirectAdmin support - they keep referring me back to my hosting provider.

Any other ideas?

They've provided 3 files:

sf_issuing.crt <- this is the one I've used in the CA field
gd_intermediate_bundle.crt
www.tuaregjewelry.com.crt
 
Try the bundle crt in the CA field.

Try both, one after the other.

Try them in reverse order :) .

Let us know.

Jeff
 
Putting the bundle in the CA field screwed things up and brings up the snakeoil.dom certificate and breaks things in IE. Weird.
 
Godaddy certs have to be installed via ssh. There is no way to do it through DA that I know of. I have tried many different ways and doing it via ssh was the only way I could do it. DA does not write all three files that are needed and if you do it through ssh DA still does not even see that there are three files there.

You need to edit the user's httpd.conf file directly through ssh and also write the 3 cert files.

Since just a regular user cannot ssh in and access the httpd.conf file I just offer to do it myself for my customers.
 
So tell me, what is it about GoDaddy certs that makes people want to use them instead of certificates that are easy to install? Is it the price? Or is it that you can get a domain for only $1.99 more?

We recommend you keep your clients away from GoDaddy if possible, since GoDaddy most likely competes with you on everything you sell.

Jeff
 
Funny, has anyone noticed this yet?

Godaddy's own ssl certs were issued by starfieldtech:
http://www.starfieldtech.com/products/webserver_certificate.htm

So go there and click on "become a reseller" points you to:
http://www.wildwestdomains.com/gdsh...ldtech.com/products/webserver_certificate.htm

Now open both that site and the following site:
http://www.godaddy.com/gdshop/wwd_landing.asp?isc=wwbb372&ci=9057

Has anyone noticed any pricing differences?
Right! Absolutely the same pricing o_O.

Seems like a clone. (I'm not saying it's wrong, just saying it's funny)
 
Seems like a clone. (I'm not saying it's wrong, just saying it's funny)

Not all that strange since Godaddy and WildWest Domains are owned by the same company.

Quote from WildWest Domains site:

Wild West Domains, GoDaddy.com's sister company, provides the very best combination of pricing, products and support available!
 