IIS - Install root and intermediate certificates

For a correct certificate chain, and to get accepted as a valid certificate by the clients, you should install the intermediate certificates that were provided with the delivery of your certificate. Those intermediate certificates sit between your domain certificate and the actual trusted root certificate of the CA. Without those intermediates some browsers will raise an error about the trust of the certificate. The root and intermediate certificates are delivered together with your domain certificate in the received ZIP file, but can be separately downloaded from the download page.

Store the root- and intermediate certificates where they are easily accessible on the server.

Note: Don't use the Start > Run > certmgr.msc, this allows only for certificate installation for the Current User, and not the required Local Computer account.

  1. Click Start > Run and enter mmc and then hit Enter.
  2. Click the menu item File and select Add/Remove Snap-inIIS - Installatie root en intermediate certificaten
  3. Select the Certificates snap-in from the Add or Remove Snap-ins panel and click on AddIIS - Installatie root en intermediate certificaten
  4. Select Computer Account and click on NextIIS - Installatie root en intermediate certificaten
  5. Select Local Computer and click FinishIIS - Installatie root en intermediate certificaten
  6. Click on OK in the Add or Remove Snap-ins screen to close the dialog.
  7. Select the MMC window.
  8. Install the root certificate if not yet installed by right-clicking on Trusted Root Certification Authorities and select All Tasks > Import... IIS - Installatie root en intermediate certificaten
  9. The Certificate Import Wizard opens. Click NextIIS - Installatie root en intermediate certificaten
  10. Click Browse... , and navigate to the location where the root certificate is stored, and have it selected. Click OK to return to the main dialog, and click NextIIS - Installatie root en intermediate certificaten
  11. After the wizard ends, click Finish.
  12. Repeat these steps for the intermediate certificates. Right-click on Intermediate Certification Authorities and navigate to All Tasks > Import... IIS - Installatie root en intermediate certificaten
  13. Click on Next and on the following window on Browse.... Now select one of the Intermediate certificates and click on OK.
  14. Click on Next and then Finish. The intermediate certificate has now been installed.
  15. Repeat steps 12 through 14 if there's more than one intermediate certificate in the chain.
  16. Check that the root certificate is now available under Trusted Root Certification Authorities, and the intermediate certificate(s) are available under Intermediate Certification Authorities and close the MMC; the installation has been finalized.
    Note: In case that one or more root and/or intermediate certificates are misplaced or installed on a wrong location (like both in Trusted Root Certification Authorities and Intermediate Certification Authorities) the certificate won't work correctly.
  17. Reboot your server. (This requires a real reboot - restarting the IIS service isn't sufficient.)

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up