🌐
Reddit
reddit.com › r/sysadmin › android issues with go daddy secure ca - g2
r/sysadmin on Reddit: Android issues with Go Daddy secure ca - g2
October 24, 2021 -

Is anyone else experiencing issues with chrome and edge on mobile devices not trusting Go Daddy Secure Certificate Authority - G2 signed certificates?

We have a wildcard one that if causing problems for mobiles.

Top answer
1 of 1
2
I'd recommend running your website through https://www.ssllabs.com/ssltest/ - it'll break down different dozens of browsers and operating systems, if they trust & support your site and other things like that.
🌐
GoDaddy
certs.godaddy.com › anonymous › repository.pki
Repository
GoDaddy's business controls and ... for Certification Authorities Principles and Criteria. According to WebTrust, "A WebTrust attestation engagement focuses on risk areas related to e-commerce activities and the appropriate policies and controls to manage those risks to the benefit of both the entity and the entity's customers. The end result is a more robust and secure ...
🌐
SSL-Tools
ssl-tools.net › subjects › b6080d5f6c6b76eb13e438a5f8660ba85233344e
Go Daddy Secure Certificate Authority - G2 · SSL-Tools
CN=Go Daddy Secure Certificate Authority - G2 · Fingerprints: 338dae5370 305cc017d8 27ac9369fa · Issuer: CN=Go Daddy Secu­re Certificate A­uthority - G2,OU­=http://certs.go­daddy.com/reposi­tory/,O=GoDaddy.­com\, Inc.,L=Sco­ttsdale,ST=Arizo­na,C=US ·
🌐
Mozilla Bugzilla
bugzilla.mozilla.org › show_bug.cgi
926163 - Missing "Go Daddy Secure Certificate Authority - G2" certificate authority
RESOLVED (nobody) in NSS - CA Certificates Code. Last updated 2016-09-06.
🌐
Stack Overflow
stackoverflow.com › questions › 72256614 › curl-ssl-certificate-issue-go-daddy-secure-certificate-authority-g2
curl SSL certificate issue - Go Daddy secure certificate authority - g2 - Stack Overflow
@dave_thompson_085 you are right. Thanks a lot. It appears that GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 was used.
🌐
Hqcodeshop
blog.hqcodeshop.fi › archives › 304-Fixing-curl-with-Go-Daddy-Secure-Certificate-Authority-G2-CA-root.html
Fixing curl with Go Daddy Secure Certificate Authority G2 CA root - Hacker's ramblings
$ wget http://certificates.godaddy.com/repository/gdig2.crt \ -O "/etc/pki/tls/certs/Go Daddy Secure Certificate Authority - G2.pem"
🌐
About SSL
aboutssl.org › go-daddy-root-certificates
Client Challenge
JavaScript is disabled in your browser · Please enable JavaScript to proceed · A required part of this site couldn’t load. This may be due to a browser extension, network issues, or browser settings. Please check your connection, disable any ad blockers, or try using a different browser
🌐
GoDaddy
certs.godaddy.com › repository › gd_evcs-g2.crt
gd_evcs-g2.crt
Certificate: Data: Version: 3 (0x2) ... Inc., CN=Go Daddy Root Certificate Authority - G2 Validity Not Before: May 1 07:00:00 2015 GMT Not After : May 1 07:00:00 2035 GMT Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy Inc., CN=Go Daddy Secure Extended Validation Code Signing ...
🌐
Reddit
reddit.com › r/sysadmin › certificates - do i have a fundamental misunderstanding?
r/sysadmin on Reddit: Certificates - Do I have a fundamental misunderstanding?
August 29, 2024 -

Hello,
I am troubleshooting an issue where Androids cannot connect to an NPS server with PEAP for RADIUS auth. All other platforms have no issue.

There are spotty errors about the certificate chain being invalid on the devices when trying to connect.

I look on my Androids certificate store and see a "Go Daddy Root Certificate Authority - G2" cert expiring in 2037.

I look on the NPS server and see the following certificate path:
GoDaddy Class 2 Certification Authority - Expires 2034
GoDaddy Root Certification Authority - G2 - Expires 2031
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year

I figured oh, ok. This must be the issue. I will try to bundle the 2037 root cert into the chain and see if then the Android will trust it. I export the cert onto my laptop and am surprised to see the following in its certificate path:
GoDaddy Root Certification Authority - G2 - expires 2037 (the one I think we need)
GoDaddy Secure Certificate Authority - Expires 2031
nps.publicname.com - expires next year

Why would the certificate paths appear different for the same cert, with the same thumbprint, on two different Windows machines? I seem to have a fundamental misunderstanding I am just unable to find the answer to. Is it logical that this is the issue preventing the Androids from connecting?

I truly appreciate anyones time in helping me understand..

Top answer
1 of 2
2
Certificates can have more than one signature, and thus more than one potential certification path. If one system has a different set of root/intermediate certificates than the other, that will cause the two differrent systems to pick different paths to trust.
2 of 2
1
Look at the issuer and subject of each certificate in the chain. The root certificate in the chain will have the same issuer and subject as it's self signed. Each of the subordinate intermediate certs will have a parent cert server as issuer and themselves as the subject which creates the chain. Start with your cert and go up the chain until you find the root server used in your NPS cert chain. It's likely that root server in the chain used by your NPS isn't trusted by Android and you'll need to import it on the Android device. It seems like you have determined that Android devices do trust a GoDaddy root server, but if it's not the one your NPS certificate uses there isn't anything you can do about that. You have to update the clients with the certificates needed to trust the server certificate, not the other way around. You can't change the root certificate server used by your NPS cert chain, that's determined when it's issued.
🌐
Palo Alto Networks
knowledgebase.paloaltonetworks.com › KCSArticleDetail
Importing the Traps Management Service Go Daddy G2 Root ...
Goto the “Certification Path” tab and select the “Go Daddy Root Certificate Authority – G2” line at the top and then click the “View Certificate” button.
Find elsewhere
🌐
GoDaddy
certs.godaddy.com › repository › webtrust › en › WebTrustPrinciplesAndCriteriaEV.pdf pdf
STARFIELD TECHNOLOGIES, LLC, A SUBSIDIARY OF GODADDY, INC.
Go Daddy Root Certificate · Authority - G2 · Go Daddy Secure Certificate · Authority - G2 · 973A41276FFD01E027A2AAD49E34C37846D3E976FF6A620B6712E33832041AA6 · Go Daddy Class 2 · Certification Authority · Go Daddy Secure · Certification Authority · 09ED6E991FC3273D8FEA317D339C02041861973549CFA6E1558F411F11211AA3 ·
🌐
Let's Encrypt
community.letsencrypt.org › help
I don't have a certificate Go Daddy Root Certificate Authority – G2 help me find it - Help - Let's Encrypt Community Support
October 21, 2021 - Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, ...
🌐
Apple Community
discussions.apple.com › thread › 250631969
Go Daddy Secure Certificate Authority - G2 - Apple Community
For some reason I've been getting Go Daddy Secure Certificate Authority - G2. I have no idea where this came from or how to get rid of it. I don't want to put in my password to continue since I have no idea if it's a phishing scam or what. It's affecting my browsing experience and blocking ...
🌐
New Relic
forum.newrelic.com › s › hubtopic › aAX8W0000008bkCWAQ
Go Daddy Secure Certificate Authority - G2 verification failure
Loading · ×Sorry to interrupt · Refresh
🌐
GitHub
gist.github.com › TheCakeIsNaOH › 57254dc7f99b528d495e4f4e52de7f03
Go Daddy Secure Certificate Authority - G2.crt · GitHub
Go Daddy Secure Certificate Authority - G2.crt · This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode ...
🌐
Flexera
community.flexera.com › s › article › importingagodaddyintermediatecertificate
Importing a GoDaddy Intermediate Certificate
Loading · ×Sorry to interrupt · Refresh
🌐
Stack Overflow
stackoverflow.com › questions › 60982922 › whats-the-x-budle-g2-g1-crt-in-apache-certificate-directory
ssl - What's the `x_budle-g2-g1.crt` in Apache certificate directory? - Stack Overflow
Top answer
1 of 1
1

I'd guess that X.pem is your server certificate, and it is issued by GoDaddy Secure Certificate Authority - G2

Then x_bundle-g2-g1.crt is the chain of trust till the root GoDaddy certificate.

Check the contents of x_bundle-g2-g1.crt using openssl command:

openssl crl2pkcs7 -nocrl -certfile x_bundle-g2-g1.crt | openssl pkcs7 -print_certs -text -noout | grep -E 'Subject:|Issuer:'

This hack is to print all certificates in PEM file

I expect the output would be like this:

        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority

That is,

  1. Go Daddy Secure Certificate Authority - G2 signed by Go Daddy Root Certificate Authority - G2
  2. Go Daddy Root Certificate Authority - G2
  3. self-signed Go Daddy Class 2 Certification Authority

Check which certificates your web server provides to the client: openssl s_client -showcerts -servername YOUR_SERVER -connect YOUR_SERVER:443 </dev/null

I'd bet that it provides the complete chain -

  • your server certificate from X.pem
  • Go Daddy Secure Certificate Authority - G2
  • Go Daddy Root Certificate Authority - G2

This is a precaution for end systems, such as brosers, that miss intermediate GoDaddy certificate.

🌐
Stack Exchange
security.stackexchange.com › questions › 109644 › why-does-godaddy-have-four-different-certificate-chain-g2-g3-g4
public key infrastructure - Why does GoDaddy have four different certificate chain, G2, G3, G4? - Information Security Stack Exchange
Top answer
1 of 1
20

"G" stands for Root certificates generation. Basically, it identifies the generation (version) of a Root certificate that signs the Chain of trust. When CA needs to get a new chain (for example, because of upgrade from SHA-1 to SHA-256), they just increment the generation number. This is good because obsolete certificates can be better identified.

🌐
Fyicenter
certificate.fyicenter.com › 1249_Intermediate_CA_Go_Daddy_Secure_Certificate_Authority_G2_.html
Go Daddy Secure Certificate Authority - G2, http://certs.goda...
Go Daddy Root Certificate Authority - G2, GoDaddy.com, Inc., ... Certificate summary - Owner: Go Daddy Root Certificate Authority - G2, "GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, US Issuer: Go Daddy Class 2 Certification Authority, "The Go Daddy Group, Inc.", US Expiration: Fri May 30 03:00:00 EDT 2031 MD5: 81:52:8B:89:E1:65:20:4A:75:AD: 85:E8:C3:88:CD:68Hash...
🌐
Atlassian Support
support.atlassian.com › atlassian-cloud › kb › getting-certificate-error-when-connecting-atlassian-cloud-with-external-applications-using-godaddy-cert
Getting Certificate Error when connecting Atlassian Cloud with External Applications using GoDaddy Cert | Atlassian Cloud | Atlassian Support
May 22, 2025 - Go Daddy Root Certificate Authority ... to G2 Cross Certificate”. Go Daddy Secure Certificate Authority -- G2: (SHA-2) -- Hash 27 AC 93 69 FA F2 52 07 BB 26 27 CE FA CC BE 4E F9 C3 19 B8....