Discerning GoDaddy SSL Certificate Types

I'm following these instructions for installing a GoDaddy Certificate in Apache Tomcat:

http://support.godaddy.com/help/article/5239/generating-a-csr-and-installing-an-ssl-certificate-in-tomcat-4x5x6x?locale=en

However, in the steps a root certificate, intermediate certificate, and certificate are referenced. How can I tell which file is which?

These are the names of the three files that I received in the download. I've tried opening each one in windows by simply double clicking too, but I see no reference to their type.

gd_bundle-g2-g1.crt

gdig2.crt

2b9918dccf2f1d.crt


Solution 1:

  • gd_bundle-g2-g1.crt: Go Daddy Certificate Bundles - G2 With Cross to G1, includes Root
  • gdig2.crt: Go Daddy Secure Server Certificate (Intermediate Certificate) - G2
  • 2b9918dccf2f1d.crt: Your certificate

Source: https://certs.godaddy.com/anonymous/repository.pki

Solution 2:

You can use openssl's x509 subcommand:

openssl x509 -subject -issuer -noout -in cert.pem

and check the output. Should be self explanatory.

An example:

$ openssl x509 -noout -issuer -subject -in gd-class2-root.crt
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
subject= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

$ openssl x509 -noout -issuer -subject -in gd_intermediate.crt
issuer= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
subject= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287

You can also verify the chain of trust:

$ openssl verify -CAfile gd-class2-root.crt gd_intermediate.crt
gd_intermediate.crt: OK