The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy, which enhances the security of your SSL Certificate.
If the proper Intermediate CA is not installed on the server, your customers will see browser errors and may choose not to proceed further and close their browser.
NOTE: The Intermediate CA
- Supplies the necessary chaining to a trusted root in an SSL connection.
- Must be installed on the server acting as a chain link between the browser root and server certificate.
- Does not control encryption step-up. This function is controlled by the server software.
Step 1. Download the Root and Intermediate CA Certificate
- Download the Root CA certificate for your SSL product from this link: SO20329
- Download the Intermediate CA certificate from this link: INFO158
- Under Separate Intermediate CAs (x.509) column select the Intermediate CA certificate based on your SSL certificate product.
- Paste the Intermediate CA and the Root CA on a Notepad in the following order:
The Intermediate CA on the top, followed by the Root CA at the bottom.
[ Intermediate CA]
Step 2. Install the Root and the Intermediate CA certificates
- Ensure that any additional characters or line breaks have been added
- Save ther file as Intermediate.crt
- Using WinSCP transfer the intermediate certificate to the /nsconfig/ssl directory
- Log in to the Configuration utility of the appliance.
- Expand the SSL node.
- Click Certificates.
- On the SSL Certificates page, click Add.
- Specify the appropriate values in the various fields of the Install Certificate dialog box.
The following screenshot displays the sample values for your reference:
- Click Install.
- On the Certificates page, select the server certificate to which you want to link the intermediate certificate.
- Click Link.
- From the CA Certificate Name list, select the required intermediate certificate, as shown in the following screenshot:
- Verify the installation of the certificate chain using our RapidSSL SSL Installation Checker
For more information refer to Citrix Support