Layer7 API Management

  • Private Community

  • 1.  public Certificate of godaddy

    Posted Jul 04, 2018 02:53 PM

    Hi there,

    Am using mutual client cert authentication for an api.My client uses a cert which is singed by Go daddy.The question was, how could i get the root cert of this go daddy which i need to trust manually in certs trust store of ssg.

    Does it be not same for all the certs issued by go daddy was signed with the same key,if the was yes, could you pls let me know from where i can download the public key of godaddy?

     



  • 2.  Re: public Certificate of godaddy
    Best Answer

    Broadcom Employee
    Posted Jul 04, 2018 08:00 PM

    Dear Popleys ,

    There should be 2 options,

    1. add pkix.useDefaultTrustAnchors cluster wide property and set it to true, to trust the well know certificate authorities (Go daddy should be included)

     

    2. Godaddy should provide the link(s) to download their root certificate, here is godaday cert repository I found from google,

    Repository 

     

    (option 3, you may ask help from godaddy support.)

     

    Regards,

    Mark



  • 3.  Re: public Certificate of godaddy

    Posted Jul 04, 2018 08:40 PM

    Hi Mark,I have added in ssg9.3 verison the following, but still I get the same error

    Signer 'cn=go daddy secure certificate authority - g2,ou=http://certs.godaddy.com/repository/,o=godaddy.com\, inc.,l=scottsdale,st=arizona,c=us' is not trusted'</l7:detailMessage><l7:detailMessage id="4208">Authentication failed 

    Do you think,we need a server start after this change?



  • 4.  Re: public Certificate of godaddy

    Broadcom Employee
    Posted Jul 04, 2018 09:21 PM

    'cn=go daddy secure certificate authority - g2' looks like an intermediate certificate, not likely a root certificate.

    For intermediate certificate, you still need to import to the gateway.



  • 5.  Re: public Certificate of godaddy

    Posted Jul 04, 2018 10:40 PM

    Thanks for the clarification.