Windows Server IIS/Exchange – Intermediate Installation

You have successfully installed your SSL Certificate on a windows server system although you might be having some trust issues on certain browsers or applications are not fully trusting your SSL Certificate. This may be due to a lack of an intermediate CA certificate file that helps Chain the Trust to your clients browsers or systems.

Or,  instead of installing a pkcs#7 certificate that has the intermediate embedded in the server certificates code you installed an x509 version of your certificate which does not have the intermediate within it.

In order to import your SSL Certificate Intermediate CA Certificate perform the following.

Step 1: Downloading Intermediate CA certificate:

  1. If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email.
  2. Copy and paste the contents of your Intermediate CA make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer. Ensure there are no white spaces, extra line breaks or additional characters into its own Notepad file and save it with a .cer extension.
    Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .cer files and installed one at a time in a repeated process for intermediate installation.

Step 2: Create an MMC Snap-in for Managing Certificates:

  1. Start > run > MMC.
    mmc
  2. Go into the Console Tab > File > Add/Remove Snap-in.
    mmc
  3. Click on Add > Click on Certificates and click on Add.
    mmc
  4. Choose Computer Account > Next.
    mmc export
  5. Choose Local Computer > Finish.
    mmc export
  6. Close the Add Standalone Snap-in window.
  7. Click on OK at the Add/Remove Snap-in window.

Step 3: Importing your Intermediate CA Certificate:

  1. Expand to Certificates (Local Computer) > Intermediate Certificate Authorities > Certificates > All Tasks > Import.
    Intermediate Install
  2. At the Certificate Import Wizard click Next.
    Intermediate Install
  3. Click Browse. Specify the location location of your Intermediate CA .cer file.Intermediate Install
  4. Select Place all certificates in the following store.
  5. Click Next.
    Intermediate Install
  6. At the Completing the Certificate Import Wizard screen click Finish.Intermediate Install
  7. You should now see your Intermediate CA under the Certificates Store for Intermediate Certification Authorities.

You have imported your Intermediate CA into your IIS/Exchange system.

To have your systems acknowledge your intermediate installation perform the following:

  • You will have to press f5 on your IIS/Exchange Management portal to refresh and acknowledge your Intermediate installation.
  • You will have to start/stop IIS services in order for IIS/Exchange to acknowledge your Intermediate installation.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »