The ShareASale SSL certificate was recently updated to move to the more secure SHA-2 signature algorithm. This resulted in a change to the root certificate used to sign the ShareASale certificate. All of the major web browser vendors keep their browsers up to date with a built in list of trusted root certificates, so this new certificate is automatically accepted and trusted. However, if you are connecting to ShareASale via a programming language, you may need to update the root certificate list used by that HTTP Client. For the Java HTTP Client, for example, this is accomplished using the keytool command line program included in the JDK (tutorial here: http://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html). Every language is different, but a quick search for “[Your Favorite HTTP Client] Install Trusted Root Certificate” should point you in the right direction.
You can get copies of the certificates you need right from most web browsers. Navigate to https://www.shareasale.com and click on the security icon in your browser and choose “View Certificate” or similar. There are two certificates in the path that you will need to add, a root and an intermediary. They are:
Go Daddy Root Certificate Authority – G2
Go Daddy Secure Certificate Authority – G2
Most browsers will let you export the certificates right from that view. You can also get various versions of these certificates here:
https://certs.godaddy.com/anonymous/repository.pki
If you are interested in learning more about the move to SHA-2, check out these pages:
https://garage.godaddy.com/webpro/security/google-chrome-phasing-ssl-certs-using-sha-1/
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
Leave A Comment