GoDaddy SSL Problem: not trusted authority in FF?

We normally purchase our SSL certs through verisign or thawte for our customers, but we are trying out goDaddy for this one because they offer a much cheaper alternative:

TurboSSL just $19.95/yr
https://www.godaddy.com/gdshop/ssl/...p?se=%2B&ci=271

granted all they do is domain validation, but this should be sufficient for most of our clients.

Anyways, the installation process was not as troublefree as it has been with other authorities. GoDaddy has a ca_bundle with an intermediate and a root authority certificate that needed to be installed. Eventually I got it to work.

The problem is, when loading up the page in firefox I see:

Unable to verify the identity of praxishosting.com as a trusted site.

Possible reasons for this error:
-Your browser does not recognize the Certificate authority that issued the site's certificate.
-The site's certificate is incomplete due to a server misconfiguration.
-etc.

you can see this yourself here: https://praxishosting.com

Now I have talked with our host's support and with goDaddys support, and the best I can figure out is that the authority that goDaddy uses (Starfield Technologies Inc) is not one of the default trusted authorities for firefox... obviously this is not good for reselling to clients and would make me go back to paying 7x as much through thawte/verisign.

However, I am not really sure this is the problem. It is possible I installed something wrong, but GoDaddy support seems to have no clue. They told me to download the latest version of FF (which I have).

Basically I just want to know if this is always going to happen because GoDaddy goes through a non mainstreem authority, or if I have done something wrong on my end.

sorry for the long windedness of my first post in the Security forum. hopefully someone can help.

Works fine in firefox for me.

The root cert is only signed in 1999 so any browsers/operating system (eg windows 98) will not have support for that cert.

I have the same prob. is there a solution or is godaddy a nogo for ssl?

Config:
Linux
Apache
cpanel 10
godaddy turbo ssl

I had given up on getting any replies on this.
As far as FireFox, if you have ever told it to trust goDaddy in the past, I think that it is okay. But doesn't come like that on install.

I don't believe there is an answer. I called goDaddy and got some support people that were just "Yes people" and obviously didn't really understand SSL.

There are a lot of other people out there that don't seem to be having trouble with the godaddy certs. I'm still hoping it's a matter of installing them the 'right' way. Looks like it might be better to steer clear of chained certs unless you want to stuff about a bit.

It is possible that I installed it wrong (how would I know?), but I don't think I did. I don't have any issues with the cert in IE, or in FF after choosing to trust Starfield Technologies Inc.

From what I have understood, some of the cheaper certificates do not have as high of a browser recognition rate - however I may be mistaken.

Anyways, take a look at http://www.rapidssl.com/ - You can get their basic certificate through some companies (eg. The Planet) for much cheaper and I have yet to have any problems with it.

I purchased the godaddy turbossl certificate and the first browser (firefox 1.5, winXP) that I used to view my site complained about it. That is absolutely unacceptable in an ssl certificate.

In a phone call to godaddy they agreed to revoke the certificate and refund the purchase price. Without cause, my refund was un-refunded by godaddy. I called godaddy again and they said they would give me a refund. I'm still waiting to see what happens with the second refund.

I should also mention that both godaddy representatives claim that I am the first person to report that firefox or any other browser doesn't recognize their certificates. bizarre.

Here's the order of events:
April 22, 6pm - order godaddy turbo ssl certificate
(authentication process pending)
April 22, 7pm - receive email containing my certificate
April 23, 8pm - receive email confirming my cancellation

******************************************************************
ITEM CANCELLATION CONFIRMATION
******************************************************************


Dear xx,

Per your request, the items listed below have been cancelled from your account, xx:

Turbo SSL (1 Year): 04/22/2007. xx.xx.xx

If you feel this cancellation has occurred in error or you need further assistance, our support staff is available 24 hours a day, 7 days a week:

+ Online Support: https://www.godaddy.com/gdshop/support.asp?prog_id=GoDaddy
+ Email: mailto:support@godaddy.com
+ Phone: (480) 505-8877

Thanks again for being a GoDaddy.com customer.

Sincerely,
GoDaddy.com


April 24, 3pm - un-refunded?

***********************************************
REFUND STATUS NOTIFICATION
***********************************************

Dear xx,

We recently received the following refund request:

Order ID Number: xx
Refund Amount: $14.99

Unfortunately, your request has been denied.

Please contact our customer support staff for additional information:

Email: mailto:support@godaddy.com
Phone: (480) 505-8877
Online FAQ: http://help.godaddy.com/?prog_id=GoDaddy

Sincerely,
GoDaddy.com


April 27, 12am - re-refunded?

===========================================================
REFUND CONFIRMATION
===========================================================

Wednesday, April 26, 2006 9:36:28 PM


Dear xx,

GoDaddy.com(R) has received a refund request for the following items:

QTY ITEM PRICE
--------------------------------------------------------------
-1 Turbo SSL (1 Year) $ (14.99)
--------------------------------------------------------------
Subtotal: $ (14.99)
Shipping & Handling: $ 0.00
Tax: $ 0.00
Total: $ (14.99)


Important Information concerning your purchase:

SSL Certificates
Product Info: http://help.godaddy.com/topic_list.php?topic_id=186&prog_id=GoDaddy



I will post again in a few days...

ninjablademaste: why not asking goDaddy to make a contribution to Mozilla foundation and asking inclusion of their CA in the trusted list?

A reource for all certificate buyers, Mozilla CA Certificate List Hope it helps

Well, I am glad if nothing else, that other people having this problem are finding this post when searching and know it isn't just them, because I couldn't find anything.

I love how godaddy reps deny things and basically have no idea what they are talking about.

I just talked to the GoDaddy people.

They said that with the browsers, you need to have the intermediate signing certificate installed for the other browsers to not ask the user for acceptance.

He also said there are step by step guides to installing the cert on the web site.

Also, when dealing with the certs, don't call goDaddy, call 480.505.8852 the number should take you to Starfield tech.


Just an FYI.

Is there a way to tell for sure if the intermediate is installed correctly? I thought I installed it all correctly, but it is possible I did not.

Thanks for the phone number. I am sure that will prove more useful than the godaddy #.

I am not sure how the tech I talked to was able to tell, but he knew immediatly.

I would just call.

i've encountered this on our secure site myself.

figured out what misconfiguration i did on the server, and fixed it. make sure the admin look into installing the secure chain certificate properly on the server.

like on apache:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#sslcertificatechainfile

the starfield chain certificate is issued by valicert, which is in turn what FF does have.

on the other hand opera, and IE have both valicert, and starfield, so even without configuring the chain certificate on the server, it just works.



opera rox