Home What is an SSL-Certificate Popular questions about the root and intermediate certificates

Popular questions about the root and intermediate certificates

Posted on by editor

In the following article we have compiled the most popular questions related to the root certificate.

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Q: Should I install the root certificate on the server?

Answer: No, the root certificate is built into the connected device. In the case of web browsers, root certificates are supplied with the software package.

Q: How to install intermediate SSL-certificates?

Answer: Installation of intermediate SSL-certificates depends on the web server and the environment in which the installation of the certificate is performed. Apache is required to add intermediate SSL-certificates and indicated the location of the package in SSLCertificateChainFile configuration. On the other hand, Nginx required for packing intermediate SSL-certificates in a separate bundle with a final certificate.

It is necessary to study the documentation of Web server in order to determine how to correctly install the domain certificate and intermediate certificates.

Q: What happens if I do not install intermediate SSL-certificates?

Answer: If you do not install one or more intermediate SSL-certificates, it will result in a gap in the chain of certificates. You will create a gap between a particular certificate (final or intermediate) and his issuer. If device cannot find the trusted issuer of certificate, the certificate and the whole chain from intermediate certificate to final certificate will be untrusted.

As a result, your final certificate will be not trusted. Web browsers will display a notification showing that the certificate is invalid or not trusted.

Q: How to reduce the chain of certificates in my browser?

Answer: Unfortunately, it is impossible. The only way to shorten the chain of certificates is to add the intermediate certificate to the root. Ideally, you should use a certificate from a certification authority, in this case the chain will include only two certificates.

However, root certificates are packed together with the browser, and the list cannot be changed by anyone other than the browser developers.

Related posts:

  1. What is an intermediate SSL-certificate? How it is used?
  2. Popular warnings in browsers, related for SSL-certificates
  3. Why is there a huge number of invalid certificates?
  4. Best practices of SSL-Certificate Management
  5. Why do you need to install an SSL certificate on a site
  6. Apple denied a certificate trust of WoSign
  7. Error with GlobalSign certificates led to massive problems with HTTPS-sites
  8. The purpose and function of SSL certificates
  9. What you need to do to protect your site with SSL-certificate?
  10. How SSL-certificates help keep the site secure

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Posted in What is an SSL-Certificate Tagged with: , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.