This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM showing GoDaddy certificates as expired, even if they are not

Hallo community,

I have a Problem with my SG330 UTM cluster (running 9.604-2). Since Monday (I think) it shows sites with SSL certificates from GoDaddy as having expired certificates, even if the certificate itself is obviously valid.

I have checked the HTTPS CAs and both the intermediate CA (GoDaddy Secure Certificate Authority - G2) as well as the root CA (GoDaddy Root Certificate Authority - G2) are listed. I have even downloaded them from GoDaddy and re-uploaded them to the UTM - but that does not help.

A Screenshot of the error:

I am at a loss at the Moment.

Thanks!

 

 



This thread was automatically locked due to age.
Parents
  • This is really strange. Three things come to my mind while seeing this;

    1. Timestamp of UTM9

    2. Timestamp of the End machine

    3. What is the status of Proxy CA (Signing CA) in the UTM9? You can check that under Webserver Protection > Certificate Management > Certificate Authority.

    Regards

    Jaydeep

  • Hello Jaydeep,

    thanks for your Reply.

    The answers to your Questions:

    1. and 2.: I have checked the time of both the UTM and the client machine. They both get their time from the same GPS NTP source and are within one second of one another.

    3.: Our signing CA cert is valid until January 1, 2036 and is present in the cert store of the Client machine.

     

    Other Websites function normally. Only sites with certs from GoDaddy Show this behaviour.

     

  • Now that's something when creating a case will help. Please create a support case.

    Meanwhile, would you please check the output of these two commands from SSH?

    ls /etc/ssl/certs/ | grep Dadd

    ls /var/pattern/cadata/ca/ | grep Dadd

    This should give a list of the following CA's pem file:

    Go_Daddy_Class_2_CA.pem
    Go_Daddy_Root_Certificate_Authority_G2.pem
    STATIC_GoDaddy.com_Inc_Go_Daddy_Secure_Certification_Authority.pem

    Regards

    Jaydeep

Reply
  • Now that's something when creating a case will help. Please create a support case.

    Meanwhile, would you please check the output of these two commands from SSH?

    ls /etc/ssl/certs/ | grep Dadd

    ls /var/pattern/cadata/ca/ | grep Dadd

    This should give a list of the following CA's pem file:

    Go_Daddy_Class_2_CA.pem
    Go_Daddy_Root_Certificate_Authority_G2.pem
    STATIC_GoDaddy.com_Inc_Go_Daddy_Secure_Certification_Authority.pem

    Regards

    Jaydeep

Children