You have successfully installed your SSL Certificate on a windows server system although you might be having some trust issues on certain browsers or applications are not fully trusting your SSL Certificate. This may be due to a lack of an intermediate CA certificate file that helps Chain the Trust to your clients browsers or systems.
Or, instead of installing a pkcs#7 certificate that has the intermediate embedded in the server certificates code you installed an x509 version of your certificate which does not have the intermediate within it.
In order to import your SSL Certificate Intermediate CA Certificate perform the following.
Step 1: Downloading Intermediate CA certificate:
- If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email.
- Copy and paste the contents of your Intermediate CA make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer. Ensure there are no white spaces, extra line breaks or additional characters into its own Notepad file and save it with a .cer extension.
Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .cer files and installed one at a time in a repeated process for intermediate installation.
Step 2: Create an MMC Snap-in for Managing Certificates:
- Start > run > MMC.
- Go into the Console Tab > File > Add/Remove Snap-in.
- Click on Add > Click on Certificates and click on Add.
- Choose Computer Account > Next.
- Choose Local Computer > Finish.
- Close the Add Standalone Snap-in window.
- Click on OK at the Add/Remove Snap-in window.
Step 3: Importing your Intermediate CA Certificate:
- Expand to Certificates (Local Computer) > Intermediate Certificate Authorities > Certificates > All Tasks > Import.
- At the Certificate Import Wizard click Next.
- Click Browse. Specify the location location of your Intermediate CA .cer file.
- Select Place all certificates in the following store.
- Click Next.
- At the Completing the Certificate Import Wizard screen click Finish.
- You should now see your Intermediate CA under the Certificates Store for Intermediate Certification Authorities.
You have imported your Intermediate CA into your IIS/Exchange system.
To have your systems acknowledge your intermediate installation perform the following:
- You will have to press f5 on your IIS/Exchange Management portal to refresh and acknowledge your Intermediate installation.
- You will have to start/stop IIS services in order for IIS/Exchange to acknowledge your Intermediate installation.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.