Go Daddy Root Certificate is corrupt

Home Forums Client Operating Systems Windows 2000 Pro, XP Pro Go Daddy Root Certificate is corrupt

This topic contains 10 replies, has 4 voices, and was last updated by Avatar Tomecole 4 years, 12 months ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • Avatar
    Tomecole
    Member
    #163570

    My friend (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
    I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
    I have been working in IT for years but have no experience with this particular type of problem Any help would be greatly appreciated

    Avatar
    biggles77
    Spectator
    #213092

    Re: Go Daddy Root Certificate is corrupt

    Did you use MMC.EXE add Certificates snap-in and then Import into Trusted Certificates?

    Don’t know why the Cert is required for Dropbox as I can access it without a Godaddy cert. Maybe more information is required.

    Avatar
    Tomecole
    Member
    #366749

    Re: Go Daddy Root Certificate is corrupt

    Thank you, Biggles77 for the reply.

    Yes, I did use the snap-in certificate manager (certmgr.msc) to import the certificate. As I said, it reported success but when checking the certificate again there still was no joy.
    https://www.dropbox.com uses Go Daddy G2 Root certificate, as well as I can tell. (screenshot attached).

    tehcamel
    tehcamel
    Moderator
    #359669

    Re: Go Daddy Root Certificate is corrupt

    when you opened the certificates snapin, did you target it to user, computer or service ?

    your error you posted actrually looks different and not necessarily related to a root certificate..

    Avatar
    Tomecole
    Member
    #366750

    Re: Go Daddy Root Certificate is corrupt

    Thank you, tehcamel for your reply.

    I don’t know how to answer your question about targeting. I would suspect that the answer is computer, but without a full understanding of the question that may well be incorrect.

    I found the user received a security error saying it is not the real dropbox.com from both IE8 and Chrome. This happened when trying to access dropbox.com but he could successfully access some other https:// sites. I looked at the certificate that dropbox uses and found it was the Go Daddy Root Certificate

    Logging into the XP machine as administrator and using certmgr.msc I was able to view the root certificates store from “trusted root certification authority” . Clicking on the Go Daddy Root Certificate G-2, it was noted as being “corrupt or altered”. Opening the “Third party root certification authority” also showed the Go Daddy Root certificate as “corrupt or altered”. The user can access other secure sites; just not the ones who rely on a Go Daddy Root cert. That was my rational for suspecting the problem was related to the Go Daddy Root Certificate.

    I went to the Go Daddy ftp site and downloaded a new root cert and again, as administrator and using certmgr.msc, I imported it into the secure store. The Certificate Manager snapin reported a successful import. When I looked at the certificate again, from the snapin, it still showed corrupt or altered. That is where I am now. He still cannot access sites using the Go Daddy Root Certificate. Thawrte, GeoTrust and others work fine; just not Go Daddy.

    Blood
    Blood
    Moderator
    #336466

    Re: Go Daddy Root Certificate is corrupt

    Have you seen this guide:

    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_cmprocsimport.mspx?mfr=true

    Might help.

    Avatar
    Tomecole
    Member
    #366751

    Re: Go Daddy Root Certificate is corrupt

    Thank you Blood for your reply.

    Yes, I have seen that guide and that procedure is exactly what I followed; just without the desired result.

    tehcamel
    tehcamel
    Moderator
    #359674

    Re: Go Daddy Root Certificate is corrupt

    when you open the Certmgr snapin, it asks you whether you want user,computer,service
    that’s what I referred to by targetting.

    I wonder if this has some sort of relationship to the Heartbleed issue recently. Maybe some new upstream root certifices have been issued, which other operating systems provide as patches (which XP doesn’t get any more?)

    just a guess..

    Avatar
    Tomecole
    Member
    #366752

    Re: Go Daddy Root Certificate is corrupt

    I believe I have it figured out.

    According to http://support.microsoft.com/kb/822798 there is a group policy setting, “Enable trusted publisher lockdown” that has to be disabled before you can import a certificate, then it should be re-enabled again afterwards.

    I will try it tomorrow and let you good folks know the outcome.

    Avatar
    biggles77
    Spectator
    #213093

    Re: Go Daddy Root Certificate is corrupt

    tehcamel;283137 wrote:
    when you open the Certmgr snapin, it asks you whether you want user,computer,service
    that’s what I referred to by targetting.

    I wonder if this has some sort of relationship to the Heartbleed issue recently. Maybe some new upstream root certifices have been issued, which other operating systems provide as patches (which XP doesn’t get any more?)

    just a guess..

    I would imagine the OP has used the User Account as that is the default. I would be inclined to try Computer Account first.

    [ATTACH]5983[/ATTACH]

    Avatar
    Tomecole
    Member
    #366753

    Re: Go Daddy Root Certificate is corrupt

    We may never know the answer to this one. The client purchased a Windows 7 replacement.

    Thanks everyone for your help!

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.