06-05-2014 21:26 - edited 05-12-2016 16:08
06-05-2014 21:26 - edited 05-12-2016 16:08
This means that you do not have a valid TLS configuration or that you are using an unsupported TLS configuration.
Unsupported TLS configurations:
Self-signed certificates. You must use a certificate from a recognized certificate authority.
Ports other than 443
TLS+SNI. Commonly used by cloud providers.
TLS 1.1, TLS 1.2
Go Daddy Class 2 Certification Authority G2 CA SHA-2 certificates. This is a GoDaddy issue. Rekey your certificate using SHA-1 signed by GoDaddy's Class 2 CA server (Update: Supported as of May 10, 2016)
If you are using a supported TLS configuration, verify that your certificate and all necessary intermediate certificates are properly installed on your server. You can use Symantec's SSL Toolbox.
You can also verify this using OpenSSL by running this command, replacing example.com with your domain: openssl s_client -showcerts -connect example.com:443
Answered! Go to the Best Answer.
09-08-2015 10:59
09-08-2015 10:59
@proby1: Can you please test now? The issue should be resolved.
09-01-2015 14:03
09-01-2015 14:03
Is the Go Daddy Root Certificate Authority - G2 problem still present in the FitBit subscription API?
According to that stack overflow link and the GoDaddy forums Java (Java SE 8 Update 31 and Java SE 7 Updates 75/76) has been updated to include thier new root cert. The java release was way back in January according to the linked blog post.
I'm getting nothing but the SSLHandshakeException in my subscriber log. I've used both SSL Labs tool and Symantec SSL tool. They are both showing that TLS 1.0 (no SNI) works on port 443. The certs are not self-signed. The only thing left on your list (which has been mightly helpful) is the silly GoDaddy issue. Is there anything I'm missing?
09-01-2015 15:55
09-01-2015 15:55
GoDaddy Class 2 Certification Authority G2 CA SHA-2 certificates are not yet supported. I am coordinating with an internal team regarding these updates.
09-08-2015 10:59
09-08-2015 10:59
@proby1: Can you please test now? The issue should be resolved.
09-15-2015 10:21
09-15-2015 10:21
Sorry for the delay, I was on vacation.
It looks great now, all green responses. Thank you so much.
05-12-2016 16:06
05-12-2016 16:06
Update: Go Daddy Class 2 Certification Authority G2 CA SHA-2 certificates are now supported.