SearchSupportDocsFree trial
Contact us

Knowledge Base

Knowledge BaseSSL Technical FAQs

Adding root and intermediate certificates via MMC

Updated on June 19, 2026
 
 

Overview 

By following this article, you will import a root certificate and its intermediate certificate(s) into the correct certificate stores on a Windows server using the Microsoft Management Console (MMC), so that certificate chain errors are resolved. It covers the files you need, how to add the Certificates snap-in for the computer account, how to import the root certificate into the Trusted Root Certification Authorities store, how to import the intermediate certificates into the Intermediate Certification Authorities store, and how to restart your website in Internet Information Services (IIS) to apply the changes. 

What you need 

Before you start, have the following files on hand: 

  • The root certificate. 

  • The intermediate certificate(s). 

You can obtain these from your Sectigo account, or download them from the Root & Intermediate Certificates section of the Sectigo Downloads area. If you are unsure which file is the root and which are the intermediates, see the related article “Which is Root? Which is Intermediate?” 

Add the Certificates snap-in to MMC 

  1. Open the Microsoft Management Console (MMC): select Start → Run, type mmc (without quotes), and click OK (or press Enter). 

Figure 1Windows Run dialog with mmc entered in the Open field 

Figure 1. Windows Run dialog with “mmc” entered in the Open field. 

  1. Open the snap-in window: select File → Add/Remove Snap-in. 

Figure 2MMC console with the File menu open and Add/Remove Snap-in selected 

Figure 2. MMC console with the File menu open and “Add/Remove Snap-in” selected. 

  1. Click Add. 

Figure 3Add/Remove Snap-in dialog (Standalone tab) with the Add button 

Figure 3. Add/Remove Snap-in dialog (Standalone tab) with the Add button. 

  1. In the list of available snap-ins, double-click Certificates. 

Figure 4Add Standalone Snap-in list with Certificates selected 

Figure 4. Add Standalone Snap-in list with “Certificates” selected. 

  1. Select Computer account, then click Next. 

Note: This step is important — you must choose Computer account, not any other account. 

Figure 5Certificates snap-in dialog with Computer account selected 

Figure 5. Certificates snap-in dialog with “Computer account” selected. 

  1. Select Local computer, then click Finish. 

Figure 6Select Computer dialog with Local computer selected 

Figure 6. Select Computer dialog with “Local computer” selected. 

  1. Close the Add Standalone Snap-in window, then click OK in the Add/Remove Snap-in window. You return to the MMC console with the Certificates tree available. 

Import the root certificate 

  1. In the console tree, expand Certificates (Local Computer) to show the certificate stores. 

  1. Right-click Trusted Root Certification Authorities, select All Tasks, then select Import. 

Figure 7Right-clicking Trusted Root Certification Authorities and choosing All Tasks → Import 

Figure 7. Right-clicking “Trusted Root Certification Authorities” and choosing All Tasks → Import. 

  1. In the Certificate Import Wizard, click Next. 

Figure 8Certificate Import Wizard welcome screen 

Figure 8. Certificate Import Wizard welcome screen. 

  1. Click Browse, locate the root certificate file, then click Next. 

Figure 9Certificate Import Wizard File to Import screen with the File name field and Browse button 

Figure 9. Certificate Import Wizard “File to Import” screen with the File name field and Browse button. 

  1. Click Finish to complete the wizard. 

Import the intermediate certificates 

Import the intermediate certificate(s) into the Intermediate Certification Authorities store using the same Certificate Import Wizard: 

  1. In the console tree, right-click Intermediate Certification Authorities, select All Tasks, then select Import. 

Figure 10Right-clicking Intermediate Certification Authorities and choosing All Tasks → Import 

Figure 10. Right-clicking “Intermediate Certification Authorities” and choosing All Tasks → Import. 

  1. In the Certificate Import Wizard, click Next. 

  1. Click Browse, locate an intermediate certificate file (the remaining certificate files apart from your domain certificate), then click Next. 

  1. Click Finish to complete the wizard. Repeat for each intermediate certificate. 

Restart your website in IIS 

Restart your website in Internet Information Services (IIS) to apply the new certificates. If the page still shows certificate errors: 

  1. Stop and start the website in IIS. 

  1. If errors persist, restart the IIS service. 

  1. As a last resort only, restart the server. 

Similar questions 

  • How do I install a root certificate on a Windows server? 

  • How do I import an intermediate certificate using MMC? 

  • How do I add the Certificates snap-in for the computer account in MMC? 

  • Why do I still see certificate chain errors after importing the certificates? 

  • How do I restart my website in IIS after installing a certificate? 

 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources