How do I install a chained SSL certificate?

  1. Home
  2. Knowledge Base
  3. GMS
  4. How do I install a chained SSL certificate?

Question

Most of the major SSL certificate vendors now issue certificates which require an additional intermediate certificate in order for the certificate chain to be complete.

Without this intermediate certificate, when I enable SSL and use the certificate provided by my vendor, I get an error in my browser that the certificate chain is incomplete, what should I do to resolve this?

Answer

For chained certificates to work, your certificate file needs to contain the complete chain – this means in addition to the certificate you were issued, you need the intermediate and root certificates from your certificate vendor.

For example – your standard certificate file will look something like this:


-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIQI2iruygq1g73Og87sJfZJDANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo
tKHfZ90uT8S+D/mj0uIA8/PglULsPVROj5KzQGPoXUMGxjwYL+FOGxwY18LGJwMO
LSPVncPKLSsTZemZ3LCdIA2uWd8jyrbuxdK97NlcCPtFhw==
-----END CERTIFICATE-----

This loads the single certificate – you need to edit this certificate file and include first the intermediate certificate, and then the root – so your file will now look something like this:


-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIQI2iruygq1g73Og87sJfZJDANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo
tKHfZ90uT8S+D/mj0uIA8/PglULsPVROj5KzQGPoXUMGxjwYL+FOGxwY18LGJwMO
LSPVncPKLSsTZemZ3LCdIA2uWd8jyrbuxdK97NlcCPtFhw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
QYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
-----END CERTIFICATE-----

The intermediate and root certificates should be available from your certificate vendor.

Keywords:SSL certificate chained

Was this article helpful?

Related Articles