Intermediate certificates are not passed on by the server

SSL certificates are not directly signed by the root certificates that are stored in the browsers, but by an intermediate or intermediate certificate. This intermediate certificate is a type of certificate used by the publishers of certificates (CA) to sign client certificates.

The browser will only see a certificate as trusted if it can be traced backto a root certificate which is known to the browser. To trace the certificate back to one of the known root certificates in the browser all intermediate certificates must be passed by the web server to the browser. If the server does not, the browser will have trouble resolving the certificate to one of the known root certificates, and makes the browser show an error that the certificate is not trusted.

To have the Web server transmit the root and intermediate certificates, those must be installed on the server. All required root and intermediate certificates are recieved with delivery of the certificate, but can also be separately downloaded. Manuals for installation of the root and intermediate certificates can be found in our knowledgebase. Please note that the web server must be often restarted to load the certificates.


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues