Announcement

Collapse
No announcement yet.

Go Daddy Root Certificate is corrupt

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Go Daddy Root Certificate is corrupt

    My friend (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
    I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
    I have been working in IT for years but have no experience with this particular type of problem Any help would be greatly appreciated

  • #2
    Re: Go Daddy Root Certificate is corrupt

    Did you use MMC.EXE add Certificates snap-in and then Import into Trusted Certificates?

    Don't know why the Cert is required for Dropbox as I can access it without a Godaddy cert. Maybe more information is required.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Go Daddy Root Certificate is corrupt

      Thank you, Biggles77 for the reply.

      Yes, I did use the snap-in certificate manager (certmgr.msc) to import the certificate. As I said, it reported success but when checking the certificate again there still was no joy.
      https://www.dropbox.com uses Go Daddy G2 Root certificate, as well as I can tell. (screenshot attached).
      Attached Files

      Comment


      • #4
        Re: Go Daddy Root Certificate is corrupt

        when you opened the certificates snapin, did you target it to user, computer or service ?

        your error you posted actrually looks different and not necessarily related to a root certificate..
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Go Daddy Root Certificate is corrupt

          Thank you, tehcamel for your reply.

          I don't know how to answer your question about targeting. I would suspect that the answer is computer, but without a full understanding of the question that may well be incorrect.

          I found the user received a security error saying it is not the real dropbox.com from both IE8 and Chrome. This happened when trying to access dropbox.com but he could successfully access some other https:// sites. I looked at the certificate that dropbox uses and found it was the Go Daddy Root Certificate

          Logging into the XP machine as administrator and using certmgr.msc I was able to view the root certificates store from "trusted root certification authority" . Clicking on the Go Daddy Root Certificate G-2, it was noted as being "corrupt or altered". Opening the "Third party root certification authority" also showed the Go Daddy Root certificate as "corrupt or altered". The user can access other secure sites; just not the ones who rely on a Go Daddy Root cert. That was my rational for suspecting the problem was related to the Go Daddy Root Certificate.

          I went to the Go Daddy ftp site and downloaded a new root cert and again, as administrator and using certmgr.msc, I imported it into the secure store. The Certificate Manager snapin reported a successful import. When I looked at the certificate again, from the snapin, it still showed corrupt or altered. That is where I am now. He still cannot access sites using the Go Daddy Root Certificate. Thawrte, GeoTrust and others work fine; just not Go Daddy.

          Comment


          • #6
            Re: Go Daddy Root Certificate is corrupt

            Have you seen this guide:

            http://www.microsoft.com/resources/d....mspx?mfr=true

            Might help.
            A recent poll suggests that 6 out of 7 dwarfs are not happy

            Comment


            • #7
              Re: Go Daddy Root Certificate is corrupt

              Thank you Blood for your reply.

              Yes, I have seen that guide and that procedure is exactly what I followed; just without the desired result.

              Comment


              • #8
                Re: Go Daddy Root Certificate is corrupt

                when you open the Certmgr snapin, it asks you whether you want user,computer,service
                that's what I referred to by targetting.

                I wonder if this has some sort of relationship to the Heartbleed issue recently. Maybe some new upstream root certifices have been issued, which other operating systems provide as patches (which XP doesn't get any more?)


                just a guess..
                Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                Comment


                • #9
                  Re: Go Daddy Root Certificate is corrupt

                  I believe I have it figured out.

                  According to http://support.microsoft.com/kb/822798 there is a group policy setting, "Enable trusted publisher lockdown" that has to be disabled before you can import a certificate, then it should be re-enabled again afterwards.

                  I will try it tomorrow and let you good folks know the outcome.

                  Comment


                  • #10
                    Re: Go Daddy Root Certificate is corrupt

                    Originally posted by tehcamel View Post
                    when you open the Certmgr snapin, it asks you whether you want user,computer,service
                    that's what I referred to by targetting.

                    I wonder if this has some sort of relationship to the Heartbleed issue recently. Maybe some new upstream root certifices have been issued, which other operating systems provide as patches (which XP doesn't get any more?)


                    just a guess..
                    I would imagine the OP has used the User Account as that is the default. I would be inclined to try Computer Account first.

                    Click image for larger version

Name:	Certs1.jpg
Views:	1
Size:	31.6 KB
ID:	466824
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2

                    Comment


                    • #11
                      Re: Go Daddy Root Certificate is corrupt

                      We may never know the answer to this one. The client purchased a Windows 7 replacement.

                      Thanks everyone for your help!

                      Comment

                      Working...
                      X