Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install intermediate certificates or root certificates manually

If you did not follow the installation with the overall file (.p7b) or if you have to install certificates manually, intermediate certificates and root certificate are missing (except if your server certificate is not chained).

1- Launch the MMC

Direct link to launch the certificates' manager:
Click on Start, execute, enter certmgr.mmc and click OK.

Or use the following instructions:
  • Click on   Start then select  Run and enter mmc
  • Plesk SSl
  • Click on  File and select  Add/Remove Snap in
  • Plesk SSl
  • Choose  Add, select  Certificates in the   Standalone Snap-in list then click  Add
  • Plesk SSl
  • Select  Computer Account and click  Next
  • Plesk SSl
  • Select   Local Computer and click  Finish
  • Plesk SSl
  • Close the window and click OK in the upper window
  • Plesk SSl

2- Place certificates to be imported on your desktop

First, identify certificates to be imported. NOTICE: the installation of the root certificate (the one in which issuer = subject is optional in most server software, in particular for Microsoft products. If you received your intermediate certificates and root certificate, download them and go directly to step 3. If not, go on your certificate's status page and click the button See the certificate and click See the entire certification chain.

Here, you'll be able to visualize the entire chain and, from top to bottom, you can see the certificate that signed yours, the certificate that signed it and so on. If the subject and issuer fields of the last one are the same we name it root certificate. There can be several certificate between your server and the root certificate; that's what we call intermediate certificates.
Certificates must be imported one by one.

To do so, copy/paste on your desktop each certificate to be imported in a text file and follow the importation procedure here under.

You can also find the certificates we are using here:

3- Import an authority certificate

To import a certificate in the MMC:
  • Download the file and save it on your desktop (see up here)
  • Distinguish intermediate certificates (not the last of list mentionned step 2) from root ones (the last of the list)
  • If it's an intermediate certificate place you on   Intermediate Certification Authorities
  • If it's a root certificate: place you on  Trust root certification authorities
  • Right-click and select All Tasks then Import
  • Plesk SSl
  • A helper appears. Select the file of the certificate to import.
  • Plesk SSl
  • Then validate the default choices
  • Plesk SSl Plesk SSl
  • Make sure your certificate appeared in the list

4- Restart the server

If you have already installed your server certificate keep reading, if not, install it and ignore the following instructions.

Once the entire certification chain manually imported in the appropriate directories, restart your web server.

Under IIS6, stop and start the machine can be enough, but usually the machine need to be restart. If it does not work restart the machine before calling us.

Problem sometimes encountered on Microsoft Windows:
"revocation check failed"

This issue is caused by the server which wants to check the CRL when importing the certificates. If its modul, that uses WinHTTP, cannot access internet, the operation fails.

Troubleshooting: See our FAQ about OCSP protocol support

Useful links

Check your certificate installation with Co-Pibot:

In your Certificates' center, on your certificate's status page you'll see a "check your certificate" button. Click it to make sure your certificate has correctly been installed.


Error messages that can be encountered on browser