Godaddy SSL certificate is not trusted by Android browsers (HTC). Even Certificate Chain has been installed correctly. Which SSL certificate is better than Godaddy?

Not an answer, but might help someone drill further into this-- I see that when I install a GoDaddy wildcard cert directly on my server, Android loves it. When I try to install the same cert on an Amazon load balancer, I get the "not trusted" error, even though all desktop browsers are ok with it. I did have to massage the cert with OpenSSL to get it to load on Amazon, which may have had an effect, or it may be that the intermediate cert isn't loaded on Amazon.

I have install the SSLCACertificateFile already. As far as I know, SSLCACertificateFile will do everything for the intermediate certificates. I also mentioned that I have checked my SSL installation with http://www.sslshopper.com/ssl-checker.html tool and I am sure that my intermediate certificates is installed.

I agree with Robert Love that you should visit: http://support.godaddy.com/help/article/870/what-happens-if-i-dont-install-intermediate-certificates And also our Phone Support is world class and we'd love to troubleshoot your cause directly. However, I also know that DIY is fun too. I've had this occur due to the reason Paul Cullum specifies. The most versatile chain to use is called: GoDaddy Certificate Bundles - G2 With Cross to G1, includes Root It may be found at: https://certs.godaddy.com/repository The use case we had is a GD certificate located in a very restricted network, so it was not able to trust just the root or g2 (as it was an older non-updated browser) nor update via internet. This seemed to give it enough info to verify without importing the certificate or updating the system.

The SHA-2 GoDaddy certs by default only chain to the new SHA-2 root certificate (which is newer and thus not available on everything- especially older linux systems, java,  basically any non-browser that has a keystore or out of date browser). This can be fixed by either: ditching GoDaddy, or installing their 'crossover' chain, or just ignore the portion of the interweb that may have problems.

I'm going to guess that the problem is that the cacerts file used by your browser doesn't contain GoDaddy's G2 root certificate (gdroot-g2.crt).  Java doesn't actually contain this certificate either by default. I'm not sure why. Check your certificate to see which root certificate it is derived from. You can ask GoDaddy to give you an alternate version that is derived from their older Class 2 root certificate (you could consider it the "G1").  They should do that free of charge for you. I bet Chrome would work. I believe this was an Android wide problem for 2.1 and earlier. I'm not sure about what browser you are using on whatever model/version of HTC phone you are using. If this isn't the case and Goaddy's G2 CA cert does happen to be one of your browser's trusted CA certs then the problem might be that you don't have the intermediate certificate in the certificate chain used for your website.

I suggest you for small and medium sized businesses, Comodo is the best, Comodo offers both free and paid SSL certificates. The range of SSL certificates includes Comodo SSL, EV SSL , Wildcard Certificates and UC Certificates. Some of the features of the certificate include immediate validation and issuance, unlimited server licenses, 30 day money back guarantee among others. With Comodo Wildcard SSL, you can cover all subdomains. https://blog.instantssl.com/2014/02/comodo-free-ssl-certificate-the-right-trial-option/

In your apache .conf file set         SSLCertificateFile /etc/apache2/your_cert/file.crt         SSLCertificateKeyFile /etc/apache2/godaddy_key/file.key         SSLCertificateChainFile /etc/apache2/godaddy_cert/file.crt