Intermediate certificates and their installation on the server

Intermediate and root certificates establish the TLS certificate’s trustworthiness. The TLS certificate, however, is not issued by the root certificate, but is issued by the intermediate certificate. If the intermediate certificate is missing from the server, the website visitor may receive a browser error saying that the site’s TLS certificate is not trusted.

untrusted TLS certificate in browser

Where to find the Intermediate certificate

The Intermediate certificate for the Windows platform and for Linux is sent by email, and you will receive it together with the new TLS certificate. You can find the intermediate certificate in the order details in your customer account.

All intermediate and root certificates can be found in our summary Intermediate and root certificates of our CAs (CA bundle).

How to install the intermediate certificate

Windows platform

In the Microsoft Management Console (MMC), add the "Certificates" snap-in for the entire server (not just the user) and then import the intermediate certificate you were given to the Console Root/Certificates (Local Computer)/Intermediate Certificattion Authorities/Certificates folder.

Linux platform

Save the intermediate certificate file to the default certificate folder (for example /usr/local/ssl/crt/). Then you need to configure the webserver configuration file httpd.conf for a particular domain using the certificate (typically found at /etc/httpd) and you need to add a Directive for the Intermediate certificate. For example.: SSLCertificateChainFile /usr/local/ssl/crt/linux_intermediate.pem

Has this article been useful?