<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Access Gateway (OAG): Uploading GoDaddy Certs
Mar 3, 2026
Access Gateway
Okta Classic Engine
Okta Identity Engine
Overview

The article provides the steps needed to upload the certificate from the zip file provided by the GoDaddy application.

Applies To
  • Okta Access Gateway (OAG)
  • SSL Certificate
  • GoDaddy
  • Certificate Signing Request (CSR)
Solution

To upload a certificate, these steps can be followed:

  1. Use a Secure Shell (SSH) connection to connect to the Access Gateway Management console. See the Management Console command-line reference documentation for more details.
  2. Press 2 to go to the Services submenu.
  3. Press 1 to go to the NGINX submenu.
  4. Press 6 to update a Secure Sockets Layer (SSL) certificate. The list of certificates appears.
  5. Select one of the following commands:
    • x: Exit the Add/modify certificates submenu.
    • a: Add a certificate. See the Add a certificate documentation for instructions.
    • #: Modify a certificate. See the Modify a certificate documentation for instructions.

 

GoDaddy

When a GoDaddy cert is issued, a Key and CSR are submitted to them. The Key must be uploaded to the Okta Access Gateway after the certificate is copied into the management console. If the key cannot be located, please submit a new Key and CSR to GoDaddy.

 

The GoDaddy zip file will contain three files:

  • .crt (issued cert)
  • .pem (issued cert)
  • gd_bundle-g2-g1.crt

The .crt and .pem files are the same; the .pem file is used for the system.

When uploading the certificates, paste the .pem (issued cert) into the console, then paste the "gd_bundle" immediately after it, which can be 3 certificates for a total of 4.

-----BEGIN CERTIFICATE-----
.pem cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
gd_bundle
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
gd_bundle
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- 
gd_bundle 
-----END CERTIFICATE----- 
Then press ctrl d and paste the key in.

Test and validation

Save the application, as this should ensure the cert is correctly pushed to each node.

This will show the certs that are used:

openssl s_client -showcerts -connect <OAG_Ip_Address>:443 -servername <Public Domain>

This can show errors when connecting:

curl -v  https://<oag-public domain>

Related References

Recommended content

Documentation
Obtain certificates
Still looking for help?
Loading
Okta Access Gateway (OAG): Uploading GoDaddy Certs