Brainfarts Uncategorized Installing Intermediates (Chain) Certificates

Installing Intermediates (Chain) Certificates

December 9, 2009December 9, 2009| adminadmin| 0 Comment| 09:55
Categories:

This post was most recently updated on December 11th, 2018

Problem

How do I install the intermediate (chain) certificates on IIS 6?

Resolution

This guide will show you how to install the Intermediate (or chaining) Certificates onto your server when using IIS 5 or IIS 6.  In these instructions, you will use MMC (Microsoft Management Console) to install the certificates.

  1. Click on Start and then click on Run.  In the Run field, type in MMC.
  2. In the new window, click File at the top menu.
  3. Select Add/Remove Snap in from the drop down list.
  4. Click the Add… button.
  5. Select Certificates from the list.
  6. Select the option for Computer account.
  7. Leaving everthing as default, click on Finish on the file screen of the wizard.
  8. Close the Add Standalone Snap-in.
  9. Click OK on the Add/Remove Snap-in window.
  10. In MMC, expand the tree in the left hand pane by clicking on the + sign.
  11. Double click and expand Intermediate Certification Authorities.
    You should see two options directly underneath Intermediate Certificates Authorities.
  12. Right click on Certificates and select All Tasks and then Import.
    You should see a wizard.
  13. Click Next.
  14. At the next screen, click browse and select the intermediate file that you would like to install.  The file extension of this file should be either .crt or .cer.  Once you are done, click Next.
  15. At the next screen, accept the default of Place all certificates in the following store and click Next.
  16. At the final screen, click on Finish.

Installing your ssl Certificate on a Microsoft IIS 5.x / 6.x

 

1. Save the certificate files from the email you received.

to your computer. You may use whatever filename and extension that you want so long as you remember what you used. It is suggested that you save the files with a .cer extension which will make importing the certificates into IIS easier.

 

2. Installing the Root & Intermediate Certificates:

You will have received 4 Certificates:

  • (Root CA Certificate – UTN-USERFirst-Hardware.crt
  • Intermediate CA Certificate – AddTrustUTNServerCA.crt
  • Intermediate CA Certificate – PostiveSSLCA.crt
  • Your SSL Server Certificate – yourdomain_com.crt

Save these Certificates to the desktop of the webserver machine, then:

  • Click the Start Button then select Run and type mmc
  • Click Console and select Add/Remove Snap in
  • Select Add, select Certificates from the Add Standalone Snap-in box and click Add
  • Select Computer Account and Local Computer then click Finish
  • Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
  • Return to the MMC
Root Certificate:
  • To install the UTN-USERfirst-Hardware Root Certificate:

IIS SSL server certificate - GTECyber TrustRoot

  • Right click the Trusted Root Certification Authorities, select All Tasks, select Import.

IIS SSL server certificate - certificate import wizard

  • Click Next.

IIS SSL server certificate - file for import

  • Locate the UTN-USERfirst-Hardware Certificate and click Next.
  • When the wizard is completed, click Finish.
Intermediate Certificates:

  • To install the PostiveSSLCA certificate & AddTrustUTNServerCA intermediate Certificates:

IIS SSL server certificate - console

  • Right click the Intermediate Certification Authorities, select All Tasks, select Import.
  • Complete the import wizard again, but this time locating the PostiveSSLCA Certificate when prompted for the Certificate file.
  • Repeat for the AddTrustUTNServerCA intermediate certificate
Check your progress:
  • Ensure that the UTN-USERfirst-Hardware certificate appears under Trusted Root Certification Authorities
  • Ensure that the PostiveSSLCA & AddTrustUTNServerCA appears under Intermediate Certification Authorities

Installing your IIS SSL Certificate:

  • Select Administrative Tools
  • Start Internet Services Manager

IIS SSL server certificate - internet services manager

  • Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the menu.
  • Open Directory Security by right clicking on the Directory Security tab

IIS SSL server certificate - default properties

  • Click Server Certificate. The following Wizard will appear:

IIS SSL server certificate - pending request

  • Choose to Process the Pending Request and Install the Certificate. Click Next.
  • Enter the location of your IIS SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next.
  • Read the summary screen to be sure that you are processing the correct certificate, and then click Next.
  • You will see a confirmation screen. When you have read this information, click Next.
  • You now have an IIS SSL server certificate installed.

Important: You must now restart the computer to complete the install

You may want to test the Web site to ensure that everything is working correctly. Be sure to use when you test connectivity to the site.


Troubleshooting

If you get a security message when viewing the site under https, check the certificate path. If the path does not contain the UTN-USERfirst-Hardware and PostiveSSLCA, similar to this:
 

Then the intermediate certificates are not properly installed, please check the portion of these instructions regarding the installa
tion of the intermediate certificates.

The proper path looks like this in Internet explorer:
 OR this in firefox

Related Post