GoDaddy SSL Certificates and Cannot Verify Identity on Mac/Safari
CEO & Founder of Server Density.
Published on the 11th May, 2009.
Last weekend we set up SSL support for our server monitoring application, Server Density. We used GoDaddy.com to purchase the wildcard certificate because they have the cheapest prices, but after installing it, Safari popped up with this error:
Safari can’t verify the identity of the website “boxedice.serverdensity.com”. The certificate for this website was signed by an unknown certifying authority.
It works fine in Firefox on Mac but not Safari. Apparently it also works fine on Windows. Since we work on Macs and use Safari, there was no way we weren’t going to get this resolved!
I searched Google and found this blog post which explains the problem, although it is not very clear about the fix.
The problem turns out to be that the server isn’t configured to provide the full issuing certificate chain all the way back to the root SSL certificate (which is in OS X’s set of trusted roots by default).
When I downloaded my GoDaddy certificate, it had my regular .crt file but also a gd_bundle.crt file. I didn’t know what this was and there were no instructions on the GoDaddy site explaining what to do with it, so I ignored it.
To fix this, you need to use gd_bundle.crt and provide it as an option for SSLCertificateChainFile in Apache in your SSL config files:
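A minimal virtual host showing where the directive goes. This is an added example, not the configuration from the original post; the certificate and key paths are placeholder assumptions.

```apache
# Added example: file paths are placeholders, not taken from the original post.
<VirtualHost *:443>
    ServerName boxedice.serverdensity.com
    SSLEngine on

    # Leaf (wildcard) certificate and its private key.
    SSLCertificateFile      /etc/ssl/certs/example.crt
    SSLCertificateKeyFile   /etc/ssl/private/example.key

    # Before: with the next directive absent, the server sends only the leaf
    # certificate, and a client that does not already hold GoDaddy's
    # intermediate cannot build a path to the trusted root.
    # After: send the intermediate bundle along with the leaf.
    SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
</VirtualHost>
```

After reloading Apache, `openssl s_client -connect boxedice.serverdensity.com:443 -showcerts` should list the intermediate certificates after the leaf. On Apache 2.4.8 and later `SSLCertificateChainFile` is obsolete, and the bundle is instead appended to the file named by `SSLCertificateFile`.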