Question
Most of the major SSL certificate vendors now issue certificates which require an additional intermediate certificate in order for the certificate chain to be complete.
Without this intermediate certificate, when I enable SSL and use the certificate provided by my vendor, I get an error in my browser that the certificate chain is incomplete, what should I do to resolve this?
Answer
For chained certificates to work, your certificate file needs to contain the complete chain – this means in addition to the certificate you were issued, you need the intermediate and root certificates from your certificate vendor.
For example – your standard certificate file will look something like this:
-----BEGIN CERTIFICATE----- MIIFjjCCBHagAwIBAgIQI2iruygq1g73Og87sJfZJDANBgkqhkiG9w0BAQUFADCB sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo tKHfZ90uT8S+D/mj0uIA8/PglULsPVROj5KzQGPoXUMGxjwYL+FOGxwY18LGJwMO LSPVncPKLSsTZemZ3LCdIA2uWd8jyrbuxdK97NlcCPtFhw== -----END CERTIFICATE-----
This loads the single certificate – you need to edit this certificate file and include first the intermediate certificate, and then the root – so your file will now look something like this:
-----BEGIN CERTIFICATE----- MIIFjjCCBHagAwIBAgIQI2iruygq1g73Og87sJfZJDANBgkqhkiG9w0BAQUFADCB sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL 4FrSjb/BTZV4p5eLrCYyZ3rPbVIEvplzw53TsQDKR/NtVTzY32o0p6wHdkb+B1oo tKHfZ90uT8S+D/mj0uIA8/PglULsPVROj5KzQGPoXUMGxjwYL+FOGxwY18LGJwMO LSPVncPKLSsTZemZ3LCdIA2uWd8jyrbuxdK97NlcCPtFhw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl QYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== -----END CERTIFICATE-----
The intermediate and root certificates should be available from your certificate vendor.
Keywords:SSL certificate chained