Knowledge Base
How to resolve untrusted or unknown issuer warnings due to incomplete certificate chain issues?
Overview
When installing an SSL/TLS certificate on a server, it is essential to include all intermediate certificates along with the leaf (end-entity) certificate. Intermediate certificates form the link between the server certificate and the trusted root certificate authority (CA). Without these, browsers cannot build a complete certificate chain, resulting in “Untrusted” or “Unknown Issuer” warnings.
Why Intermediate Certificates Matter
-
Intermediate certificates act as a bridge between the leaf certificate and the root certificate.
-
If an intermediate certificate is missing, browsers fail to validate the chain and flag the certificate as an untrusted or unknown issuer.
-
This issue can negatively impact user trust and SEO rankings due to security warnings.
How to Verify Your Certificate Chain
Use tools like:
-
These tools help confirm whether your certificate chain is complete and properly configured.
Steps to Fix Missing Intermediate Certificates
-
Check the certificate chain using SSL testing tools.
-
Download and install the correct intermediate certificate on your server.
Be mindful that steps vary by platform (e.g., Windows Server, Apache, NGINX).
-
Restart your web server after installation to apply changes.
Best Practices
-
Always install the full certificate chain provided by your Certificate Authority (Sectigo).
-
Test your SSL configuration after installation using SSL Labs or SSL Checker.
-
Keep intermediate certificates updated during renewals to avoid chain breaks.
Related Guides:
Tags:
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
