Getting Certificate Error when connecting Atlassian Cloud with External Applications using GoDaddy Cert
Problem
Connecting Atlassian Cloud to external applications over HTTPS (e.g. application links, or Bamboo connecting to a self-hosted DVCS server) might fail with the certificate error below.
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing
Diagnosis
Environment
- HTTPS is configured to use a certificate issued by GoDaddy.
Diagnostic Steps
- Run a certificate chain test using any online SSL checker and confirm the issuer is GoDaddy.
Cause
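GoDaddy SSL certificates don't work properly with Java: the Go Daddy Root Certificate Authority -- G2 root certificate is built into most systems (e.g. Chrome) but not into Java.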
Resolution
Install the GoDaddy G1 to G2 Cross Certificate in the certificate chain.
- Download the crossover certificate from the following URL: https://certs.godaddy.com/repository/gdroot-g2_cross.crt
- Install it in the certificate chain
Before the crossover cert is installed, the current certificate chain looks like this:
- Go Daddy Root Certificate Authority -- G2: (SHA-2) -- Hash 47 BE AB C9 22 EA E8 0E 78 78 34 62 A7 9F 45 C2 54 FD E6 8B.
  This is the root certificate that’s built into most systems (e.g. Chrome) but not built into Java.
- Go Daddy Secure Certificate Authority -- G2: (SHA-2) -- Hash 27 AC 93 69 FA F2 52 07 BB 26 27 CE FA CC BE 4E F9 C3 19 B8
- Your SHA-2 certificate
After the crossover cert is installed, the certificate chain should look like this:
- Go Daddy Class 2 Certification Authority: (SHA-1) -- Hash 27 96 BA E6 3F 18 01 E2 77 26 1B A0 D7 77 70 02 8F 20 EE E4.
  This is the old root certificate that’s built into most systems, including Java. It’s really no concern that the signature on this one is SHA-1 since the entire certificate is included directly in the client.
- Go Daddy Root Certificate Authority -- G2: (SHA-2) -- Hash 34 0B 28 80 F4 46 FC C0 4E 59 ED 33 F5 2B 3D 08 D6 24 29 64.
  This is the so-called “GoDaddy G1 to G2 Cross Certificate”.
- Go Daddy Secure Certificate Authority -- G2: (SHA-2) -- Hash 27 AC 93 69 FA F2 52 07 BB 26 27 CE FA CC BE 4E F9 C3 19 B8.
  This is the same intermediate certificate as above.
- Your SHA-2 certificate
Credit to GoDaddy’s SSL certs don’t work in Java – The right solution.
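The following is an added example, not code from Atlassian or GoDaddy, showing why the cross certificate lets a Java client reach a root it trusts while clients that already trust the G2 root are unaffected. It models certificates by subject and issuer name only (no signatures are checked); the trust store contents follow the article's description, and `www.example.com` is a placeholder for your server certificate.

```python
from typing import NamedTuple, Optional

class Cert(NamedTuple):
    subject: str
    issuer: str

# Labels for the certificates named in the article (constructed stand-ins, no real X.509).
CLASS2 = "Go Daddy Class 2 Certification Authority"   # old SHA-1 root
ROOT_G2 = "Go Daddy Root Certificate Authority - G2"
SECURE_G2 = "Go Daddy Secure Certificate Authority - G2"

LEAF = Cert("www.example.com", SECURE_G2)    # placeholder server certificate
INTERMEDIATE = Cert(SECURE_G2, ROOT_G2)
CROSS_G1_TO_G2 = Cert(ROOT_G2, CLASS2)       # G2 subject, issued by the old root

# Assumed trust stores, following the article: Java lacks the G2 root.
JAVA_TRUST = frozenset({CLASS2})
BROWSER_TRUST = frozenset({CLASS2, ROOT_G2})

CHAIN_BEFORE = [INTERMEDIATE]                  # what the server sends before the fix
CHAIN_AFTER = [INTERMEDIATE, CROSS_G1_TO_G2]   # with the cross certificate added

def build_path(leaf, presented, trust_anchors) -> Optional[list]:
    """Walk issuer links from the leaf until a trusted issuer is reached.

    Returns the subjects on the path (leaf first, trust anchor last), or None
    when the chain the server sent never reaches a trusted issuer.
    """
    by_subject = {c.subject: c for c in presented}
    path, seen, current = [leaf.subject], {leaf.subject}, leaf
    while current.issuer not in trust_anchors:
        nxt = by_subject.get(current.issuer)
        if nxt is None or nxt.subject in seen:   # missing link or issuer loop
            return None
        path.append(nxt.subject)
        seen.add(nxt.subject)
        current = nxt
    return path + [current.issuer]

if __name__ == "__main__":
    for name, chain in (("before", CHAIN_BEFORE), ("after", CHAIN_AFTER)):
        for client, trust in (("java", JAVA_TRUST), ("browser", BROWSER_TRUST)):
            print(name, client, build_path(LEAF, chain, trust))
```
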