On Thu, Jan 21, 2010 at 3:58 PM, Chris Buechler <[email protected]> wrote:
> That's a problem with the cert. That means the CA that signed your > cert isn't trusted by those browsers. That's what you get at times > with cut rate CAs like Godaddy, though that's where we get our certs > and I haven't seen any such issues on ours, I have on other certs I've > gotten from Godaddy in the past. I would contact them and complain, > any cert you pay for should be recognized by all the major browsers. > > I thought I might correct this misconception about why certificate chains exist. GoDaddy and other CAs have a master certificate which is installed in browsers. If they would use this master certificate to sign regular certificates and it would be compromised, they would need to have the certificate removed from everywhere it is installed (not an simple task). Instead, they create several other certificates and use those to generate regular certificates. Then, if there is a problem, they can revoke the sub-certificate. So your browser almost certainly has the GoDaddy root certificate installed, it just does not know the chain. The way I solved this problem (I get certs from StartSSL, and almost no one has the intermediate certificates from them) was by pasting the intermediate cert i nthe regular certificate box in the admin area. I am not sure if that is supposed to work, but I have not had any problems with it. - YK
