IIS - Install root and intermediate certificates
For a correct certificate chain, and to get accepted as a valid certificate by the clients, you should install the intermediate certificates that were provided with the delivery of your certificate. Those intermediate certificates sit between your domain certificate and the actual trusted root certificate of the CA. Without those intermediates some browsers will raise an error about the trust of the certificate. The root and intermediate certificates are delivered together with your domain certificate in the received ZIP file, but can be separately downloaded from the download page.
Store the root- and intermediate certificates where they are easily accessible on the server.
Note: Don't use the Start > Run > certmgr.msc, this allows only for certificate installation for the Current User, and not the required Local Computer account.
- Click Start > Run and enter mmc and then hit Enter.
- Click the menu item File and select Add/Remove Snap-in.
- Select the Certificates snap-in from the Add or Remove Snap-ins panel and click on Add.
- Select Computer Account and click on Next.
- Select Local Computer and click Finish.
- Click on OK in the Add or Remove Snap-ins screen to close the dialog.
- Select the MMC window.
- Install the root certificate if not yet installed by right-clicking on Trusted Root Certification Authorities and select All Tasks > Import...
- The Certificate Import Wizard opens. Click Next.
- Click Browse... , and navigate to the location where the root certificate is stored, and have it selected. Click OK to return to the main dialog, and click Next.
- After the wizard ends, click Finish.
- Repeat these steps for the intermediate certificates. Right-click on Intermediate Certification Authorities and navigate to All Tasks > Import...
- Click on Next and on the following window on Browse.... Now select one of the Intermediate certificates and click on OK.
- Click on Next and then Finish. The intermediate certificate has now been installed.
- Repeat steps 12 through 14 if there's more than one intermediate certificate in the chain.
- Check that the root certificate is now available under Trusted Root Certification Authorities, and the intermediate certificate(s) are available under Intermediate Certification Authorities and close the MMC; the installation has been finalized.
Note: In case that one or more root and/or intermediate certificates are misplaced or installed on a wrong location (like both in Trusted Root Certification Authorities and Intermediate Certification Authorities) the certificate won't work correctly. - Reboot your server. (This requires a real reboot - restarting the IIS service isn't sufficient.)
SSLCheck
Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues