As given here: https://help.webex.com/en-us/article/lfu88u/Single-Sign-On-Integration-in-Control-Hub under SSO Setup > Configure Webex Identity Service:
Signed by a public certificate authority—This option is secure and advisable if you get your certificates signed from a public CA such as Hydrant or Godaddy. However, you must renew the certificate once a year.
Therefore, for Java you may need to install the GoDaddy G2 Root and/or Intermediate certificates listed below in the keystore used by java. These are available from https://certs.godaddy.com/repository.
GoDaddy Certificate Chain - G2
| Name |
File |
Certificate Thumbprint (sha256) |
| GoDaddy Class 2 Certification Authority Root Certificate - G2 |
gdroot-g2.crt |
45 14 0B 32 47 EB 9C C8 C5 B4 F0 D7 B5 30 91 F7 32 92 08 9E 6E 5A 63 E2 74 9D D3 AC A9 19 8E DA |
| GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 |
gdig2.crt.pem (PEM)
gdig2.crt (DER) |
97 3A 41 27 6F FD 01 E0 27 A2 AA D4 9E 34 C3 78 46 D3 E9 76 FF 6A 62 0B 67 12 E3 38 32 04 1A A6 |
You may also need to install the GoDaddy G1 to G2 Cross certificate in your certificate keystore along with the intermediate certificate. This allows the SHA-2 certificates to be trusted by any client that recognizes the GoDaddy SHA-1 roots.
GoDaddy Certificate Chain
| GoDaddy G1 to G2 Cross Certificate |
gdroot-g2_cross.crt |
3A 2F BE 92 89 1E 57 FE 05 D5 70 87 F4 8E 73 0F 17 E5 A5 F5 3E F4 03 D6 18 E5 B7 4D 7A 7E 6E CB |
GoDaddy SHA-1 roots:
| Name |
File |
Certificate Thumbprint (sha256) |
| GoDaddy Class 2 Certification Authority Root Certificate |
gd-class2-root.crt (PEM)
gd-class2-root.cer (DER) |
C3 84 6B F2 4B 9E 93 CA 64 27 4C 0E C6 7C 1E CC 5E 02 4F FC AC D2 D7 40 19 35 0E 81 FE 54 6A E4 |
Hope this helps!
Best regards,
Rudrakshi Srivastava
