Brave Search

Certificates - Do I have a fundamental misunderstanding?

reddit.com › r › sysadmin › comments › 1f4dluz › certificates_do_i_have_a_fundamental

Certificates can have more than one signature, and thus more than one potential certification path. If one system has a different set of root/intermediate certificates than the other, that will cause the two differrent systems to pick different paths to trust. Answer from OsmiumBalloon on reddit.com

GoDaddy

certs.godaddy.com › anonymous › repository.pki

Repository - Sign In - GoDaddy

The end result is a more robust and secure system." The WebTrust review process, sponsored by the Canadian Institute of Chartered Accountants and the American Institute of Certified Public Accountants, culminated in GoDaddy's receipt of a WebTrust Seal of Assurance for Certification Authorities.

About SSL

aboutssl.org › go-daddy-root-certificates

Download GoDaddy Root Certificates | About SSL

JavaScript is disabled in your browser · Please enable JavaScript to proceed · A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settings. Please check your connection, disable any ad blockers, or try using a different browser

Discussions

Go Daddy Secure Certificate Authority - G2 - Apple Community

For some reason I've been getting Go Daddy Secure Certificate Authority - G2. I have no idea where this came from or how to get rid of it. I don't want to put in my password to continue since I have no idea if it's a phishing scam or what. It's affecting my browsing experience and blocking ... More on discussions.apple.com

discussions.apple.com

September 14, 2019

Citrix -You have not chosen to trust Go daddy Secure Certificate Authority - G2

Find answers to Citrix -You have not chosen to trust Go daddy Secure Certificate Authority - G2 from the expert community at Experts Exchange More on experts-exchange.com

experts-exchange.com

April 22, 2017

Go Daddy?

I was browsing through my certifications randomly and saw a "Go Daddy" certification. Did that come with the computer? (Surface Book 3) or did someone have to download that? More on learn.microsoft.com

learn.microsoft.com

November 6, 2024

MAC Issue - Go Daddy Certificate Authority - G2

This is probably caused by your IT folks not linking the intermediate certificate in the cert chain. Ask them to install the intermediate and link it. More on reddit.com

r/Citrix

March 15, 2025

reddit.com › r/sysadmin › certificates - do i have a fundamental misunderstanding?

r/sysadmin on Reddit: Certificates - Do I have a fundamental misunderstanding?

August 29, 2024 -

Hello,
I am troubleshooting an issue where Androids cannot connect to an NPS server with PEAP for RADIUS auth. All other platforms have no issue.

There are spotty errors about the certificate chain being invalid on the devices when trying to connect.

I look on my Androids certificate store and see a "Go Daddy Root Certificate Authority - G2" cert expiring in 2037.

I look on the NPS server and see the following certificate path:
GoDaddy Class 2 Certification Authority - Expires 2034
GoDaddy Root Certification Authority - G2 - Expires 2031
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year

I figured oh, ok. This must be the issue. I will try to bundle the 2037 root cert into the chain and see if then the Android will trust it. I export the cert onto my laptop and am surprised to see the following in its certificate path:
GoDaddy Root Certification Authority - G2 - expires 2037 (the one I think we need)
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year

Why would the certificate paths appear different for the same cert, with the same thumbprint, on two different Windows machines? I seem to have a fundamental misunderstanding I am just unable to find the answer to. Is it logical that this is the issue preventing the Androids from connecting?

I truly appreciate anyones time in helping me understand..

Top answer

1 of 2

2 of 2

Look at the issuer and subject of each certificate in the chain. The root certificate in the chain will have the same issuer and subject as it's self signed. Each of the subordinate intermediate certs will have a parent cert server as issuer and themselves as the subject which creates the chain. Start with your cert and go up the chain until you find the root server used in your NPS cert chain. It's likely that root server in the chain used by your NPS isn't trusted by Android and you'll need to import it on the Android device. It seems like you have determined that Android devices do trust a GoDaddy root server, but if it's not the one your NPS certificate uses there isn't anything you can do about that. You have to update the clients with the certificates needed to trust the server certificate, not the other way around. You can't change the root certificate server used by your NPS cert chain, that's determined when it's issued.

Mozilla Bugzilla

bugzilla.mozilla.org › show_bug.cgi

926163 - Missing "Go Daddy Secure Certificate Authority - G2" certificate authority

RESOLVED (nobody) in NSS - CA Certificates Code. Last updated 2016-09-06.

Apple Community

discussions.apple.com › thread › 250631969

Go Daddy Secure Certificate Authority - G2 - Apple Community

September 14, 2019 - For some reason I've been getting Go Daddy Secure Certificate Authority - G2. I have no idea where this came from or how to get rid of it. I don't want to put in my password to continue since I have no idea if it's a phishing scam or what. It's affecting my browsing experience and blocking ...

Experts Exchange

experts-exchange.com › questions › 29017871 › Citrix-You-have-not-chosen-to-trust-Go-daddy-Secure-Certificate-Authority-G2.html

Solved: Citrix -You have not chosen to trust Go daddy Secure Certificate Authority - G2 | Experts Exchange

April 22, 2017 - Were getting this with Apple\Mac users - "You have not chosen to trust Go daddy Secure Certificate Authority - G2 the issuer of the servers security certificate."Went to the site below and directing users to the site as the fix, however is there anything we can do on citrix or any other way without asking each MAC user to do this.

Microsoft Learn

learn.microsoft.com › en-us › answers › questions › 2315431 › go-daddy

Go Daddy? - Microsoft Q&A

November 6, 2024 - The "Go Daddy" certificate you’re ... is a well-known Certificate Authority (CA) that provides SSL certificates, used for verifying and encrypting connections to websites....

SSL-Tools

ssl-tools.net › subjects › b6080d5f6c6b76eb13e438a5f8660ba85233344e

Go Daddy Secure Certificate Authority - G2 · SSL-Tools

CN=Go Daddy Secure Certificate Authority - G2 · Fingerprints: 338dae5370 305cc017d8 27ac9369fa · Issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US ·

Find elsewhere

Google Bing Mojeek

IBM

community.ibm.com › community › user › discussion › godaddy-certs-enterprise-gateway

GoDaddy certs Enterprise Gateway | IBM webMethods Hybrid Integration

Integration Server/Enterprise Gateway 10.5I’m not sure how to include the Go Daddy Secure Certificate Authority - G2 in my keystore. The downloaded certificate

reddit.com › r/citrix › mac issue - go daddy certificate authority - g2

r/Citrix on Reddit: MAC Issue - Go Daddy Certificate Authority - G2

March 15, 2025 -

Hi everyone, my company recently updated the Citrix Storefront on their end, that has caused some issues with MAC users. I am unable to connect, it says that I chose not to trust the necessary certificate which is "Go Daddy Certificate Authority - G2". I have updated the trust policy for the certificate to always trust but no luck. Any help would be greatly appreciated

Top answer

1 of 5

This is probably caused by your IT folks not linking the intermediate certificate in the cert chain. Ask them to install the intermediate and link it.

2 of 5

Macs and MACs are very different things

GoDaddy

godaddy.com › web-security › ssl-certificate

SSL Certificate | Secure Your Data & Transactions - GoDaddy

Before issuing an EV SSL certificate, the Certificate Authority thoroughly reviews the applicant. The review process entails the examination of corporate documents, confirmation of identity, and verifies relevant information through a third-party database. The validity period depends on the SSL product you have purchased. Certificates with 90-Day Validation All Managed SSL certificate subscriptions and all SSL certificates provided through GoDaddy Websites + Marketing, Managed Hosting for WordPress, or Paylinks plans, feature 90-day validation.

GoDaddy

godaddy.com › help › renew-my-ssl-certificate-864

Renew my SSL Certificate | SSL Certificates - GoDaddy Help US

When your SSL certificate isn’t set to auto-renew, you have a 90-day window to purchase a renewal credit and apply it to the certificate. The window goes from 60 days before to 30 days after the expiration date.

Flexera

community.flexera.com › s › article › importingagodaddyintermediatecertificate

Importing a GoDaddy Intermediate Certificate

Loading · ×Sorry to interrupt · Refresh

Spiceworks

community.spiceworks.com › hardware & infrastructure › networking

GoDaddy SSL cert behavior when installed for authentication page and SSLVPN - Networking - Spiceworks Community

Top answer

1 of 16

UPDATE:

Per tech support, this is a result of FBX-8221. The 12.0 release web server changed and does not provide the intermediate certificate during a TLS negotiation. It is supposed to be fixed in the 12.0.1 release.

Gregg

2 of 16

Hello!

I have installed a GoDaddy SSL cert into my firewall (T50 running 12.0) and it works fine for the authentication page on port 4100 as well as for the SSLVPN. I just re-keyed it using a CSR from the T50.

However, when I test it using multiple external sites such as https://sslanalyzer.comodoca.com , it shows a problem with the trust chain. That site says “Trusted by Microsoft? No (unable to get local issuer certificate) UNTRUSTED” and “Trusted by Mozilla? No (unable to get local issuer certificate) UNTRUSTED.” Others have similar wording and they look like the problem is the “Go Daddy Secure Certificate Authority - G2” cert.

Does anyone else have a Firebox with a GoDaddy SSL cert that they can test? I think it is a red herring and would like to see what results others get.

There were four certs in the GoDaddy download, and reviewing each one showed this order:
Go Daddy Class 2 Certification Authority
Go Daddy Root Certificate Authority - G2
Go Daddy Secure Certificate Authority - G2
mail.greggspublicdomain.net

There were three certs in the bundle, plus my actual cert, and I installed them from bottom of the bundle cert file to top (opened using Notepad++), then installed my cert:

“Go Daddy Class 2 Certification Authority” as IPSEC/Webserver/Other
“Go Daddy Root Certificate Authority - G2” as IPSEC/Webserver/Other
“Go Daddy Secure Certificate Authority - G2” as IPSEC/Webserver/Other
“mail.greggspublicdomain.net” as IPSEC/Webserver/Other

When connecting with Chrome to mail.greggspublicdomain.net either internally or externally, Chrome shows the complete path trusted.

Thank you for your time!

Gregg

GoDaddy

certs.godaddy.com › repository › webtrust › en › WebTrustPrinciplesAndCriteriaEV.pdf pdf

STARFIELD TECHNOLOGIES, LLC, A SUBSIDIARY OF GODADDY, INC.

Go Daddy Root Certificate · Authority - G2 · Go Daddy Secure Certificate · Authority - G2 · 973A41276FFD01E027A2AAD49E34C37846D3E976FF6A620B6712E33832041AA6 · Go Daddy Class 2 · Certification Authority · Go Daddy Secure · Certification Authority · 09ED6E991FC3273D8FEA317D339C02041861973549CFA6E1558F411F11211AA3 ·

Hqcodeshop

blog.hqcodeshop.fi › archives › 304-Fixing-curl-with-Go-Daddy-Secure-Certificate-Authority-G2-CA-root.html

Fixing curl with Go Daddy Secure Certificate Authority G2 CA root - Hacker's ramblings

June 7, 2016 - $ wget http://certificates.godaddy.com/repository/gdig2.crt \ -O "/etc/pki/tls/certs/Go Daddy Secure Certificate Authority - G2.pem"

Stack Exchange

security.stackexchange.com › questions › 109644 › why-does-godaddy-have-four-different-certificate-chain-g2-g3-g4

public key infrastructure - Why does GoDaddy have four different certificate chain, G2, G3, G4? - Information Security Stack Exchange

Top answer

1 of 1

"G" stands for Root certificates generation. Basically, it identifies the generation (version) of a Root certificate that signs the Chain of trust. When CA needs to get a new chain (for example, because of upgrade from SHA-1 to SHA-256), they just increment the generation number. This is good because obsolete certificates can be better identified.

GitHub

gist.github.com › TheCakeIsNaOH › 57254dc7f99b528d495e4f4e52de7f03

Go Daddy Secure Certificate Authority - G2.crt · GitHub

Go Daddy Secure Certificate Authority - G2.crt · This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode ...

Newrelic

support.newrelic.com › s › hubtopic › aAX8W0000008bkCWAQ › go-daddy-secure-certificate-authority-g2-verification-failure

Go Daddy Secure Certificate Authority - G2 verification failure

April 21, 2021 - Loading · ×Sorry to interrupt · Refresh

Claris Community

community.claris.com › en › s › question › 0D50H00006dsmJbSAI › godaddy-cert-could-not-be-imported

Claris Community (English)

Loading · ×Sorry to interrupt · Refresh