Certificates can have more than one signature, and thus more than one potential certification path. If one system has a different set of root/intermediate certificates than the other, that will cause the two differrent systems to pick different paths to trust. Answer from OsmiumBalloon on reddit.com
Reddit
reddit.com › r/sysadmin › android issues with go daddy secure ca - g2
r/sysadmin on Reddit: Android issues with Go Daddy secure ca - g2
October 25, 2021 -
Is anyone else experiencing issues with chrome and edge on mobile devices not trusting Go Daddy Secure Certificate Authority - G2 signed certificates?
We have a wildcard one that if causing problems for mobiles.
GoDaddy
certs.godaddy.com › repository › gdroot-g2.crt
gdroot-g2.crt
-----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz ...
Reddit
reddit.com › r/sysadmin › certificates - do i have a fundamental misunderstanding?
r/sysadmin on Reddit: Certificates - Do I have a fundamental misunderstanding?
August 29, 2024 -
Hello,
I am troubleshooting an issue where Androids cannot connect to an NPS server with PEAP for RADIUS auth. All other platforms have no issue.
There are spotty errors about the certificate chain being invalid on the devices when trying to connect.
I look on my Androids certificate store and see a "Go Daddy Root Certificate Authority - G2" cert expiring in 2037.
I look on the NPS server and see the following certificate path:
GoDaddy Class 2 Certification Authority - Expires 2034
GoDaddy Root Certification Authority - G2 - Expires 2031
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year
I figured oh, ok. This must be the issue. I will try to bundle the 2037 root cert into the chain and see if then the Android will trust it. I export the cert onto my laptop and am surprised to see the following in its certificate path:
GoDaddy Root Certification Authority - G2 - expires 2037 (the one I think we need)
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year
Why would the certificate paths appear different for the same cert, with the same thumbprint, on two different Windows machines? I seem to have a fundamental misunderstanding I am just unable to find the answer to. Is it logical that this is the issue preventing the Androids from connecting?
I truly appreciate anyones time in helping me understand..
Top answer 1 of 2
2
Certificates can have more than one signature, and thus more than one potential certification path. If one system has a different set of root/intermediate certificates than the other, that will cause the two differrent systems to pick different paths to trust.
2 of 2
1
Look at the issuer and subject of each certificate in the chain. The root certificate in the chain will have the same issuer and subject as it's self signed. Each of the subordinate intermediate certs will have a parent cert server as issuer and themselves as the subject which creates the chain. Start with your cert and go up the chain until you find the root server used in your NPS cert chain. It's likely that root server in the chain used by your NPS isn't trusted by Android and you'll need to import it on the Android device. It seems like you have determined that Android devices do trust a GoDaddy root server, but if it's not the one your NPS certificate uses there isn't anything you can do about that. You have to update the clients with the certificates needed to trust the server certificate, not the other way around. You can't change the root certificate server used by your NPS cert chain, that's determined when it's issued.
Fyicenter
certificate.fyicenter.com › 3352_Go_Daddy_Secure_Certificate_Authority-G2_Certificate-40C2BD278ECC348330A233D7FB6CB3F0B42C80CE.html
Go Daddy Secure Certificate Authority - G2 Certificate - 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE
Android Apple Mac DH Keys DSA Keys EC Keys Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Microsoft Edge Mozilla CertUtil OpenSSL Other Portecle Publishers Revoked Certificates Root CA RSA Keys Tools Tutorial What Is Windows ... Tester Developer DBA Windows JAR DLL Files Certificates RegEx Links Q&A Biotech Phones Travel FAQ Forum ... Subject: Go Daddy Secure Certificate Authority - G2 Issuer: Go Daddy Root Certificate Authority - G2 Expiration: 2031-05-03 07:00:00 UTC Key Identifier: 40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
SSL-Tools
ssl-tools.net › subjects › b6080d5f6c6b76eb13e438a5f8660ba85233344e
Go Daddy Secure Certificate Authority - G2 · SSL-Tools
CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
Fyicenter
certificate.fyicenter.com › 1249_Intermediate_CA_Go_Daddy_Secure_Certificate_Authority_G2_.html
Go Daddy Secure Certificate Authority - G2, http://certs.goda...
Android Apple Mac DH Keys DSA Keys EC Keys Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Microsoft Edge Mozilla CertUtil OpenSSL Other Portecle Publishers Revoked Certificates Root CA RSA Keys Tools Tutorial What Is Windows ... Tester Developer DBA Windows JAR DLL Files Certificates RegEx Links Q&A Biotech Phones Travel FAQ Forum ... Go Daddy Secure Certificate Authority - G2, http://certs.goda...
GoDaddy
certs.godaddy.com › repository
Repository
GoDaddy's business controls and ... for Certification Authorities Principles and Criteria. According to WebTrust, "A WebTrust attestation engagement focuses on risk areas related to e-commerce activities and the appropriate policies and controls to manage those risks to the benefit of both the entity and the entity's customers. The end result is a more robust and secure ...
Top answer 1 of 2
3
The website does not provide an intermediate certificate that is required to complete the certificate chain. Some clients, like Android, are unable to build the complete certificate path and do not trust the certificate when this happens.
If you are the site admin, the correct way to address this is to download and supply the intermediate certificate so that the complete chain is sent.
2 of 2
2
There are two potential issues:
- The Root CA used is "Go Daddy Root Certificate Authority - G2 " which might not be available in your Android device.
- The server is not presenting the Intermediate CA "Go Daddy Secure Certificate Authority - G2". The server certificate was issued by the Intermediate CA "Go Daddy Secure Certificate Authority - G2" that was issued by the Root CA "Go Daddy Root Certificate Authority - G2". For web servers this is not a problem as they are able to download the intermediate CA using the AIA extension from the server certificate but your Java application won't, unless you develop this functionality.
Stack Overflow
stackoverflow.com › questions › 72256614 › curl-ssl-certificate-issue-go-daddy-secure-certificate-authority-g2
curl SSL certificate issue - Go Daddy secure certificate authority - g2 - Stack Overflow
@dave_thompson_085 you are right. Thanks a lot. It appears that GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 was used.
About SSL
aboutssl.org › go-daddy-root-certificates
Client Challenge
JavaScript is disabled in your browser · Please enable JavaScript to proceed · A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settings. Please check your connection, disable any ad blockers, or try using a different browser
Let's Encrypt
community.letsencrypt.org › help
I don't have a certificate Go Daddy Root Certificate Authority – G2 help me find it - Help - Let's Encrypt Community Support
October 21, 2021 - Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | ex…
GitHub
gist.github.com › TheCakeIsNaOH › 57254dc7f99b528d495e4f4e52de7f03
Go Daddy Secure Certificate Authority - G2.crt · GitHub
Go Daddy Secure Certificate Authority - G2.crt · This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode ...
Flexera
community.flexera.com › s › article › importingagodaddyintermediatecertificate
Importing a GoDaddy Intermediate Certificate
Loading · ×Sorry to interrupt · Refresh
GoDaddy
godaddy.com › help › browser-and-device-compatibility-1139
GoDaddy Help Center - SSL Certificates
GoDaddy Help Center - SSL Certificates
GoDaddy
certs.godaddy.com › repository › gd_evcs-g2.crt
gd_evcs-g2.crt
Certificate: Data: Version: 3 (0x2) ... Inc., CN=Go Daddy Root Certificate Authority - G2 Validity Not Before: May 1 07:00:00 2015 GMT Not After : May 1 07:00:00 2035 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy Inc., CN=Go Daddy Secure Extended Validation Code Signing ...
Hqcodeshop
blog.hqcodeshop.fi › archives › 304-Fixing-curl-with-Go-Daddy-Secure-Certificate-Authority-G2-CA-root.html
Fixing curl with Go Daddy Secure Certificate Authority G2 CA root - Hacker's ramblings
$ wget http://certificates.godaddy.com/repository/gdig2.crt \ -O "/etc/pki/tls/certs/Go Daddy Secure Certificate Authority - G2.pem"
Google Groups
groups.google.com › g › mozilla.dev.security.policy › c › jnp-TvHtkCw
Go Daddy Root Inclusion Request
After I have confirmed that the action items have been satisfactorily completed, I plan to recommend approval of Go Daddy's request to add three root certificates, enable the Websites and Code Signing trust bits for all three, and enable EV for the “Go Daddy Root Certificate · Authority - G2” and “Starfield Root Certificate Authority - G2” roots.
Atlassian Support
support.atlassian.com › atlassian-cloud › kb › getting-certificate-error-when-connecting-atlassian-cloud-with-external-applications-using-godaddy-cert
Getting Certificate Error when connecting Atlassian Cloud with External Applications using GoDaddy Cert | Atlassian Cloud | Atlassian Support
May 22, 2025 - Go Daddy Root Certificate Authority -- G2: (SHA-2) -- Hash 47 BE AB C9 22 EA E8 0E 78 78 34 62 A7 9F 45 C2 54 FD E6 8B. ℹ️ This is the root certificate that’s built into most systems (e.g. Chrome) but not built into Java. Go Daddy Secure Certificate Authority -- G2: (SHA-2) -- Hash 27 AC 93 69 FA F2 52 07 BB 26 27 CE FA CC BE 4E F9 C3 19 B8
GoDaddy
certs.godaddy.com › repository › webtrust › en › WebTrustPrinciplesAndCriteriaEV.pdf pdf
STARFIELD TECHNOLOGIES, LLC, A SUBSIDIARY OF GODADDY, INC.
Go Daddy Root Certificate · Authority - G2 · Go Daddy Secure Certificate · Authority - G2 · 973A41276FFD01E027A2AAD49E34C37846D3E976FF6A620B6712E33832041AA6 · Go Daddy Class 2 · Certification Authority · Go Daddy Secure · Certification Authority · 09ED6E991FC3273D8FEA317D339C02041861973549CFA6E1558F411F11211AA3 ·
SSL-Tools
ssl-tools.net › subjects › 1d236f8e064b971fdddfa11523e1aee502be2b1b
Go Daddy Root Certificate Authority - G2 · SSL-Tools
CN=Go Daddy Root Certificate Authority - G2 · Fingerprints: 340b2880f4 47beabc922 · Issuer: OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US · CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US ·