Install intermediate certificates or root certificates manually
If you did not follow the installation with the overall file (.p7b) or if you have to install certificates manually, intermediate certificates and root certificate are missing (except if your server certificate is not chained).1- Launch the MMC
Direct link to launch the certificates' manager:Click on Start, execute, enter certmgr.mmc and click OK.
Or use the following instructions:
- Click on Start then select Run and enter mmc
- Click on File and select Add/Remove Snap in
- Choose Add, select Certificates in the Standalone Snap-in list then click Add
- Select Computer Account and click Next
- Select Local Computer and click Finish
- Close the window and click OK in the upper window
2- Place certificates to be imported on your desktop
First, identify certificates to be imported. NOTICE: the installation of the root certificate (the one in which issuer = subject is optional in most server software, in particular for Microsoft products. If you received your intermediate certificates and root certificate, download them and go directly to step 3. If not, go on your certificate's status page and click the button See the certificate and click See the entire certification chain.Here, you'll be able to visualize the entire chain and, from top to bottom, you can see the certificate that signed yours, the certificate that signed it and so on. If the subject and issuer fields of the last one are the same we name it root certificate. There can be several certificate between your server and the root certificate; that's what we call intermediate certificates.
Certificates must be imported one by one.
To do so, copy/paste on your desktop each certificate to be imported in a text file and follow the importation procedure here under.
You can also find the certificates we are using here:
3- Import an authority certificate
To import a certificate in the MMC:- Download the file and save it on your desktop (see up here)
- Distinguish intermediate certificates (not the last of list mentionned step 2) from root ones (the last of the list)
- If it's an intermediate certificate place you on Intermediate Certification Authorities
- If it's a root certificate: place you on Trust root certification authorities
- Right-click and select All Tasks then Import
- A helper appears. Select the file of the certificate to import.
- Then validate the default choices
- Make sure your certificate appeared in the list
4- Restart the server
If you have already installed your server certificate keep reading, if not, install it and ignore the following instructions.Once the entire certification chain manually imported in the appropriate directories, restart your web server.
Under IIS6, stop and start the machine can be enough, but usually the machine need to be restart. If it does not work restart the machine before calling us.
Problem sometimes encountered on Microsoft Windows:
"revocation check failed"
This issue is caused by the server which wants to check the CRL when importing the certificates. If its modul, that uses WinHTTP, cannot access internet, the operation fails.Troubleshooting: See our FAQ about OCSP protocol support
Useful links
- Intermediate certificates
- Root certificates (installed in browsers)
- Disable an Intermediate or Root Certificate on Windows Server
- Deactivate Thawte PCA (2036) root
- Deactivate VeriSign Class 3 Public Primary Certification Authority - G5 (2036) root
- SHA1: Depreciation of SHA1 algorithm scheduled for 2015, 2016, 2017?
- Consult our online documentation to install your SSL server certificate correctly
Check your certificate installation with Co-Pibot:
In your Certificates' center, on your certificate's status page you'll see a "check your certificate" button. Click it to make sure your certificate has correctly been installed.Error messages that can be encountered on browser
Last edited on 06/22/2020 13:38:25 --- [search]