You can download the files you will need for this from the support section of the website here. Save these Certificates to the desktop of the web server machine, then:
Click the Start Button then select Run and type mmc
Click File and select Add/Remove Snap in
Select Add, select Certificates from the Add Standalone Snap-in box and click Add
Select Computer Account and click Finish (note: This step is very important. It must be the computer account and not the current user account)
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC
To install your Root Certificate:
Right click the Trusted Root Certification Authorities, select All Tasks, then select Import.
Click Next.
Locate the Root Certificate and click Next.
When the wizard is completed, click Finish.
To install the Intermediate Certificate/Certificates:
Right click the Intermediate Certification Authorities, select All Tasks, select Import.
Complete the import wizard again, but this time locating the intermediate Certificate when prompted for the Certificate file.
(note you will need to repeat this step for all the intermediate certificates that are sent to you.)
Ensure that the Root certificate appears under Trusted Root Certification Authorities
Ensure that the intermediate certificate / certificates appears under Intermediate Certification Authorities
Once these are installed, you may need to restart the server.
The Windows root store application makes it easier to differentiate between the certificates as it lists down them in different categories. You can find the root certificates in the Trusted Root Certification Authorities and the intermediate certificates under the Intermediate Certification Authorities.
One is the server certificate issued for your domain; the other is the intermediate certificate, and finally, there's also the root certificate. The intermediate certificate links your server certificate to the root certificate. Altogether, they form the SSL chain of trust.
Installing a trusted root certificate is necessary only if you are notified that the certificate of authority is not trusted on any machine. This can occur when you use a private or custom certificate server instead of acquiring certificates from an established public certificate of authority.
You can create a certificate bundle by opening a plain text editor (notepad, gedit, etc) and pasting in the text of the root certificate and the text of the intermediate certificate. The order they go in depends on the type of server you are running.
Log on to Root Certification Authority Web Enrollment Site. ip_address = Root Certification Authority Server IP. fqdn = Fully qualified domain name of the Root Certification Authority Server. Select Download a CA certificate, certificate chain, or CRL.
Without Root Certificates and Intermediate Certificates, the entire Chain of Trust of a PKI is broken. Intermediate CAs are needed for end-user interaction, while Root CAs form the base of the Chain of Trust.
Can we have multiple intermediate certificates between server and client? Absolutely. 4 or even 5 certificates in a certificate chain is an extremely common occurrence.
To combine multiple PEM certificates, you just need to put the ASCII data from all of the certificates in a single file. Below is an example of this: To be safe, work on your certificate starting from the root certificate and then, the intermediate certificate. Work your way down the chain to the root certificate.
Introduction: My name is Kareem Mueller DO, I am a vivacious, super, thoughtful, excited, handsome, beautiful, combative person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.