Ask a Question

Advanced Search

Solution ID : SO16318

Last Modified : 05/31/2019

Error: "Trusted Authority can not be verified" after installing SSL on Microsoft IIS 5.0, 6.0, or 7.0


When installing a SSL certificate in Microsoft IIS 5.0, 6.0, or 7.0 the one of the following errors is received:

  • Error: "The security certificate was issued by a company you have not chosen to trust"
  • Error: "Trusted Authority can not be verified"


This error occurs when Intermediate CA certificates are not installed on the Microsoft IIS server. Therefore, client browsers unable to verify the signer of the SSL certificate on the server.


To resolve chaining issues within Microsoft IIS server, perform the following steps:

Step 1:  Download the updated Intermediate CA certificates

  1. Go to: Intermediate CA Certificates page. Under the Separate CAs column, select the CA certificates
    for your SSL certificate type.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
  1. Copy and paste the contents of the Intermediate CA certificates into two separate Notepad files.
  2. Save the files as intermediate-one.cer and intermediate-two.cer on your server.

    NOTE: If your SSL certificate was issued before October 10, 2010, and if it is not a certificate with Extended Validation,
    you only need one intermediate certificate. In order to obtain this previous version of the intermediate certificate,
    please scroll down to the bottom of the download page for your product and follow the link there.

Step 2: Adding the Certificates Snap-in to the Microsoft Management Console (MMC):
  1. To create a Microsoft Management Console (MMC) certificate snap-in, refer to this solution.

Step 3: Import the intermediate certificates using Microsoft Management Console (MMC)

Import separate Intermediate CA Certificates (i.e. Primary and Secondary) using the Microsoft Management Console (MMC).

  1. Using the same Console, double-click on Intermediate Certification Authorities from the right pane
  2. Right-click on Certificates from the right pane and select All Tasks > Import to open the Certificate Import Wizard
  3. Click Next
  4. Specify the location of the Symantec Intermediate CA file obtained from Step 1 by clicking Browse
  5. Click Next
  6. By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
  7. Click Finish
  8. A message will appear confirming the successful import of the certificate. Click OK

Step 4: Verify certificate installation

  1. Stop and start your Web server prior to any testing
    NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
  2. Verify your installation with the DigiCert SSL Certificate Checker