Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18

    GoDaddy SSL Problem: not trusted authority in FF?


    We normally purchase our SSL certs through verisign or thawte for our customers, but we are trying out goDaddy for this one because they offer a much cheaper alternative:

    TurboSSL just $19.95/yr
    https://www.godaddy.com/gdshop/ssl/s...?se=%2B&ci=271

    granted all they do is domain validation, but this should be sufficient for most of our clients.

    Anyways, the installation process was not as troublefree as it has been with other authorities. GoDaddy has a ca_bundle with an intermediate and a root authority certificate that needed to be installed. Eventually I got it to work.

    The problem is, when loading up the page in firefox I see:

    Unable to verify the identity of praxishosting.com as a trusted site.

    Possible reasons for this error:
    -Your browser does not recognize the Certificate authority that issued the site's certificate.
    -The site's certificate is incomplete due to a server misconfiguration.
    -etc.

    you can see this yourself here: https://praxishosting.com

    Now I have talked with our host's support and with goDaddys support, and the best I can figure out is that the authority that goDaddy uses (Starfield Technologies Inc) is not one of the default trusted authorities for firefox... obviously this is not good for reselling to clients and would make me go back to paying 7x as much through thawte/verisign.

    However, I am not really sure this is the problem. It is possible I installed something wrong, but GoDaddy support seems to have no clue. They told me to download the latest version of FF (which I have).

    Basically I just want to know if this is always going to happen because GoDaddy goes through a non mainstreem authority, or if I have done something wrong on my end.

    sorry for the long windedness of my first post in the Security forum. hopefully someone can help.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2004
    Posts
    86
    Rep Power
    11
    Works fine in firefox for me.

    The root cert is only signed in 1999 so any browsers/operating system (eg windows 98) will not have support for that cert.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Posts
    3
    Rep Power
    0
    I have the same prob. is there a solution or is godaddy a nogo for ssl?

    Config:
    Linux
    Apache
    cpanel 10
    godaddy turbo ssl
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18
    I had given up on getting any replies on this.
    As far as FireFox, if you have ever told it to trust goDaddy in the past, I think that it is okay. But doesn't come like that on install.

    I don't believe there is an answer. I called goDaddy and got some support people that were just "Yes people" and obviously didn't really understand SSL.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Posts
    3
    Rep Power
    0
    There are a lot of other people out there that don't seem to be having trouble with the godaddy certs. I'm still hoping it's a matter of installing them the 'right' way. Looks like it might be better to steer clear of chained certs unless you want to stuff about a bit.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18
    It is possible that I installed it wrong (how would I know?), but I don't think I did. I don't have any issues with the cert in IE, or in FF after choosing to trust Starfield Technologies Inc.
  12. #7
  13. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2004
    Location
    North America
    Posts
    147
    Rep Power
    11
    From what I have understood, some of the cheaper certificates do not have as high of a browser recognition rate - however I may be mistaken.

    Anyways, take a look at http://www.rapidssl.com/ - You can get their basic certificate through some companies (eg. The Planet) for much cheaper and I have yet to have any problems with it.
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2006
    Posts
    1
    Rep Power
    0

    Godaddy Difficulty


    I purchased the godaddy turbossl certificate and the first browser (firefox 1.5, winXP) that I used to view my site complained about it. That is absolutely unacceptable in an ssl certificate.

    In a phone call to godaddy they agreed to revoke the certificate and refund the purchase price. Without cause, my refund was un-refunded by godaddy. I called godaddy again and they said they would give me a refund. I'm still waiting to see what happens with the second refund.

    I should also mention that both godaddy representatives claim that I am the first person to report that firefox or any other browser doesn't recognize their certificates. bizarre.

    Here's the order of events:
    April 22, 6pm - order godaddy turbo ssl certificate
    (authentication process pending)
    April 22, 7pm - receive email containing my certificate
    April 23, 8pm - receive email confirming my cancellation


    ******************************************************************
    ITEM CANCELLATION CONFIRMATION
    ******************************************************************


    Dear xx,

    Per your request, the items listed below have been cancelled from your account, xx:

    Turbo SSL (1 Year): 04/22/2007. xx.xx.xx

    If you feel this cancellation has occurred in error or you need further assistance, our support staff is available 24 hours a day, 7 days a week:

    + Online Support: https://www.godaddy.com/gdshop/support.asp?prog_id=GoDaddy
    + Email: mailto:support@godaddy.com
    + Phone: (480) 505-8877

    Thanks again for being a GoDaddy.com customer.

    Sincerely,
    GoDaddy.com


    April 24, 3pm - un-refunded?

    ***********************************************
    REFUND STATUS NOTIFICATION
    ***********************************************

    Dear xx,

    We recently received the following refund request:

    Order ID Number: xx
    Refund Amount: $14.99

    Unfortunately, your request has been denied.

    Please contact our customer support staff for additional information:

    Email: mailto:support@godaddy.com
    Phone: (480) 505-8877
    Online FAQ: http://help.godaddy.com/?prog_id=GoDaddy

    Sincerely,
    GoDaddy.com


    April 27, 12am - re-refunded?

    ===========================================================
    REFUND CONFIRMATION
    ===========================================================

    Wednesday, April 26, 2006 9:36:28 PM


    Dear xx,

    GoDaddy.com(R) has received a refund request for the following items:

    QTY ITEM PRICE
    --------------------------------------------------------------
    -1 Turbo SSL (1 Year) $ (14.99)
    --------------------------------------------------------------
    Subtotal: $ (14.99)
    Shipping & Handling: $ 0.00
    Tax: $ 0.00
    Total: $ (14.99)


    Important Information concerning your purchase:

    SSL Certificates
    Product Info: http://help.godaddy.com/topic_list.php?topic_id=186&prog_id=GoDaddy



    I will post again in a few days...
  16. #9
  17. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
  18. #10
  19. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18
    Well, I am glad if nothing else, that other people having this problem are finding this post when searching and know it isn't just them, because I couldn't find anything.

    I love how godaddy reps deny things and basically have no idea what they are talking about.

    Comments on this post

    • pabloj agrees : You might even point them to this thread, this should make them afraid of the word of mouth about the bad experience
  22. #12
  23. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Posts
    322
    Rep Power
    11
    I just talked to the GoDaddy people.

    They said that with the browsers, you need to have the intermediate signing certificate installed for the other browsers to not ask the user for acceptance.

    He also said there are step by step guides to installing the cert on the web site.

    Also, when dealing with the certs, don't call goDaddy, call 480.505.8852 the number should take you to Starfield tech.


    Just an FYI.
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2004
    Posts
    222
    Rep Power
    18
    Is there a way to tell for sure if the intermediate is installed correctly? I thought I installed it all correctly, but it is possible I did not.

    Thanks for the phone number. I am sure that will prove more useful than the godaddy #.
  26. #14
  27. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Posts
    322
    Rep Power
    11
    I am not sure how the tech I talked to was able to tell, but he knew immediatly.

    I would just call.
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2006
    Posts
    1
    Rep Power
    0
    i've encountered this on our secure site myself.

    figured out what misconfiguration i did on the server, and fixed it. make sure the admin look into installing the secure chain certificate properly on the server.

    like on apache:
    http://httpd.apache.org/docs/2.0/mod/mod_ssl.html.en#sslcertificatechainfile

    the starfield chain certificate is issued by valicert, which is in turn what FF does have.

    on the other hand opera, and IE have both valicert, and starfield, so even without configuring the chain certificate on the server, it just works.



    opera rox

    Comments on this post

    • raada agrees
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo