curl-users

RE: Problem with GoDaddy CA Certificate

From: jayjwa <jayjwa_at_atr2.ath.cx>
Date: Sat, 2 Feb 2008 23:04:02 -0500

On Fri, 1 Feb 2008, John Smith wrote:

-> Problem solved. Looking at FireFox's certificates it became a bit more obvious that 2 certificates were required for validation.
->
-> It is still puzzling why the curl compiled with TLS worked and the other compiled with SSL didn't?
->
-> The following describes the process:
->
-> curl -G http://certificates.godaddy.com/repository/gd-class2-root.crt > gd-class2-root.cert

There's nothing at that URL but some useless HTML. That's not a certificate at
all, so it's no use. BTW, GET is already used here, so you don't really need
"-G".

-> curl -G http://certificates.godaddy.com/repository/gd_intermediate.crt > gd_intermediate.cert
-> openssl x509 -inform PEM -in gd_intermediate.cert -out gd_intermediate.pem -text
-> cat gd_intermediate.pem gd-class2-root.pem > gd-bundle.pem

That is a certificate, already PEM format. There is no need to invoke openssl
on it.

The issuer of that certificate is:
Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority

Subject:
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority/serialNumber=07969287

Why they split that up I have no idea, but you still need a real root here. In
a ROOT certificate, both Issuer and Subject match:

Ex:

         Issuer: C=CA, ST=ON, L=Toronto, O=FortEngine Inc., OU=Certification Authority Division, CN=fortengine/emailAddress=ca_at_fortengine.com
         Validity
             Not Before: Jan 1 00:00:00 1998 GMT
             Not After : Jan 17 00:00:00 2038 GMT
         Subject: C=CA, ST=ON, L=Toronto, O=FortEngine Inc., OU=Certification Authority Division, CN=fortengine/emailAddress=ca_at_fortengine.com

Ex:

         Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
         Validity
             Not Before: Jan 29 00:00:00 1996 GMT
             Not After : Aug 1 23:59:59 2028 GMT
         Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

-- 
   George Bush.
     - War-monger, Murderer, Anti-Patriot & Criminal
* NSA Warrantless country-wide wire tap on civilians
* Violations of the Geneva Convention/Torture
* Lowest USD value in recent memory
* Eroding of the US Constitution; Heb. Corpus gone
Received on 2008-02-03
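
The two checks discussed in this message (is the downloaded file a certificate at all, and does its Issuer equal its Subject), as an added example that is not part of the original mail. The throwaway CA names, file names and the `cert_kind` / `make_demo_chain` helpers are constructed for illustration; "root" here means only that Issuer and Subject match, and the self-signature is not verified.

```shell
#!/bin/sh
# cert_kind FILE -> prints "not-a-certificate", "root" or "non-root".
# "root" means issuer == subject, the property described in the mail above.
cert_kind() {
    # openssl refuses to load anything that is not a certificate
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo "not-a-certificate"    # e.g. an HTML page saved as .crt
        return 0
    fi
    issuer=$(openssl x509 -in "$1" -noout -issuer)
    subject=$(openssl x509 -in "$1" -noout -subject)
    if [ "${issuer#issuer=}" = "${subject#subject=}" ]; then
        echo "root"
    else
        echo "non-root"
    fi
}

# make_demo_chain DIR: constructed sample data (hypothetical names):
# a throwaway root, an intermediate signed by it, a fake HTML "download",
# and a bundle built with cat in the same order as in the quoted mail.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=Example Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -days 1 \
        -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/int.pem" 2>/dev/null
    printf '<html><body>moved</body></html>\n' > "$d/page.crt"
    cat "$d/int.pem" "$d/root.pem" > "$d/bundle.pem"
}

demo() {
    d=$(mktemp -d)
    make_demo_chain "$d"
    for f in page.crt int.pem root.pem; do
        printf '%s: %s\n' "$f" "$(cert_kind "$d/$f")"
    done
    rm -rf "$d"
}
demo
```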