search cancel

How do I Resolve Issues on my ProxySG with the Godaddy Sha1 to Sha2 Crossover?


Article ID: 168411


Updated On:


ProxySG Software - SGOS


You have a reverse proxy with a Godaddy certificate.

Read the attached document from Godaddy explaining the crossover certificate, and the chaining required for it to work across various certificate equipped devices

When checking the certificate offered and the certificate path presented using a test utility like you are not seeing the proper Sha1 to Sha2 crossover, which will impact Sha1 equipped clients trying to browse across the reverse proxy


By default the ProxySG appliance is configured for the CCL (CA Certificate List) of All Root CAs

Even if you import the Godaddy Crossover cert (Hash signature Hash 34 0B 28 80 F4 46 FC C0 4E 59 ED 33 F5 2B 3D 08 D6 24 29 64), the ssl scan will reflect the original certificate chain.



You need to create a custom CCL list that uses the below certificates only, and assign that CCL list to the reverse proxy service:
  1.  Import the Godaddy crossover cert into the ProxySG appliance.  Use the attached word document to obtain the file, then go to Configuration > SSL > CA Certificates > CA Certificates > Import.
  2. Create custom CA Certificate List, (CCL) > Configuration > SSL > CA Certificate > CA Certificate Lists > Create New.
  3. Name the new CA Certificate List.
  4. Add the below CA certificates that exit in proxy to the CCL, in addition to the newly imported Godaddy Crossover cert:
    • GoDaddySecureCA-G2
    • Go_Daddy_Class_2_CA
  5. Click Apply.
  6. Go to Configuration > Services, select the SSL Reverse Proxy service and click Edit. The Edit Service dialog displays.
  7. Change the CCL to use the new list you created in step 2 above. 
  8. Click Apply.
  9. Retest from or your chosen utility.  The your browser or utility may need the cache cleared as is the case with Do that, then confirm the certificate path matches what is expected in the Word document attached to this article


GoDaddys SHA2 crossover.docx get_app