Android handsets do not recognise GoDaddy’s SSL certificates

I’ve just spent some time to figure out why my Android mobile can’t connect to certain mail account (both IMAP and SMTP, delivered over SSL and TLS respectively). The problem is that SSL certificates were signed by GoDaddy, which is not trusted CA on Android platform. The standard mail application does not allow you to accept untrusted certificates, so the easiest workaround was to use other email client. Came across K-9 Mail, which looks and feels way better than the one that comes shipped with the phone (and does have an option to accept untrusted certificate).

Share
  1. Go Daddy SSLs are actually included with the Android OS, so you shouldn’t have trouble using the default email client. A common reason for this error is that the intermediate certificate isn’t installed. If it’s your certificate, or you know the owner, have them contact us at http://community.godaddy.com/support for assistance in getting that intermediate issue straightened out. Here’s more info: http://go.me/5j

    Regards,
    Alicia

    • Maciej Wiercinski
    • June 24th, 2010 8:20pm

    Hi Alicia,

    Thanks for you help and comment. I would appreciate if I received such response to my support case in the first place. Instead of I’ve received copy & paste article praising GoDaddy’s 99% browser ubiquity, effectively telling me to go you know where…

    • Matt
    • May 5th, 2011 8:40pm

    My site has the godaddy bundle of intermediate certs and this problem still happens on android, iphone, and mac safari.

    • Tester
    • July 3rd, 2011 3:31pm
    • Michael
    • October 25th, 2011 4:03pm

    Something to keep in mind is that even if you add the SSLCertificateChainFile /usr/local/dailycandy/security/gd_bundle.crt
    directive to ssl.conf, any request from your page to an improperly configured server (ad networks) will still cause a cert warning to pop.

    • MP
    • October 28th, 2012 9:56pm

    I’ve separated root CA from GoDaddy crt bundle. and specified it as a SSLCADNRequestFile . Now I do not have warning on my mobile. Just GoDaddy instructions are good for browsers , but not for mobiles that may have thinner SSL stack so doesn’t check full certification chain.

  1. No trackbacks yet.