To resolve chaining issues within Microsoft IIS server, perform the following steps:
Step 1: Download the updated Intermediate CA certificates
- Go to: Intermediate CA Certificates page. Under the Separate CAs column, select the CA certificates
for your SSL certificate type.
NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
- Copy and paste the contents of the Intermediate CA certificates into two separate Notepad files.
- Save the files as intermediate-one.cer and intermediate-two.cer on your server.
NOTE: If your SSL certificate was issued before October 10, 2010, and if it is not a certificate with Extended Validation,
you only need one intermediate certificate. In order to obtain this previous version of the intermediate certificate,
please scroll down to the bottom of the download page for your product and follow the link there.
Step 2: Adding the Certificates Snap-in to the Microsoft Management Console (MMC):
- To create a Microsoft Management Console (MMC) certificate snap-in, refer to this solution.
Step 3: Import the intermediate certificates using Microsoft Management Console (MMC)
Import separate Intermediate CA Certificates (i.e. Primary and Secondary) using the Microsoft Management Console (MMC).
- Using the same Console, double-click on Intermediate Certification Authorities from the right pane
- Right-click on Certificates from the right pane and select All Tasks > Import to open the Certificate Import Wizard
- Click Next
- Specify the location of the Symantec Intermediate CA file obtained from Step 1 by clicking Browse
- Click Next
- By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
- Click Finish
- A message will appear confirming the successful import of the certificate. Click OK
Step 4: Verify certificate installation
- Stop and start your Web server prior to any testing
NOTE: In some cases the changes may not take place after restarting IIS Services and a re-boot is needed.
- Verify your installation with the DigiCert SSL Certificate Checker