Last week some of our customers were affected by GoDaddy revoking SSL certificates, which in turn brought down a lot of secure sites and services like ADFS. If you are using a GoDaddy SSL certificate I would run, not walk to another public SSL certificate provider.
Here is the statement from GoDaddy;
Due to a software bug, the recently issued certificate for your domain was issued without proper domain validation, and in accordance with industry standards as a Certificate Authority, we will need to revoke your certificate as a precautionary measure. The certificate will be revoked today (January 10) by 9pm Pacific Time. The software bug that created the issue has been remedied. We continue to closely monitor our system.
In today’s world with tens of thousands of customers using single sign-on (SSO) with services like Azure, Office 365, Sharepoint, Sharefile and many others this GoDaddy certificate issue is significant and completely unnecessary. This was a result, not of a “BUG”, but because in my opinion GoDaddy has a bad system of verify domain ownership. When I called GoDaddy I was told that my customers would not be issued a refund on their certificates and they could write an email
I am currently in the process of moving all of our customers from GoDaddy to another provider for SSL, public facing DNS and as a domain registar. We have always used DigiCert on our Hosted PBX and Citrix desktop environment, which has been very reliable. DigiCert is more expensive, but how valuable is your time? I spent the better part of 48 hours over three days re-keying certificates and looking for services like ADFS that are dependant on enterprises getting into their email and Office 365 Apps.
The ADFS replacement was the most challenging, it’s not just a matter of importing certificates and bouncing the box. Besides setting up ADFS and Microsoft Web Application Proxy how often do you get into those boxes? I can tell you not very often. You have to reset the thumbprints, which if you don’t know powershell that well can be a problem.
If you need help with replacing your revoked GoDaddy certificates please contact us and we would be glad to walk you through it or we can get on a Gotomeeting and do it for you remotely.